And it looks like voice tracking for marketing purposes is all fair game since the privacy policies and end-user agreements you agreed to and current laws actually allow it. There are definitely privacy issues regarding these practices but it turns out third-party apps may not be listening to you after all. The truth may be even worse than what was previously thought.

Is that app watching you?

New evidence from researchers at Northeastern University in Boston suggests that although your smartphone is not listening to you without your permission, it’s actually worse – your smartphone may be secretly watching you! Their study analyzed 17,260 popular Android apps, including a number of Facebook-owned apps, and of these apps, 9,000 had permissions to access a smartphone’s camera and microphone. According to their findings, there is no conclusive evidence that apps are secretly activating a phone’s mic and are sending the recordings out without permission. However, they found evidence of something more alarming. The researchers discovered that some of these apps can record videos and capture screenshots of your activity then send this information to third parties! Some apps will even capture personal information including ZIP codes and postal codes.

GoPuff records you without permission

The food delivery service GoPuff’s app, in particular, was singled out as guilty of capturing screen recordings and sending the data to a mobile data analytics company called Appsee. How popular is the GoPuff app? Well, it has been downloaded more than 100,000 times from the official Google Play app store. Although Appsee actually prides itself on using screen recordings as tools for its app analytics, the alarming part about the GoPuff app is that it is not obvious to the user that their activity is being recorded nor is it disclosed in its privacy policy. After the researchers contacted GoPuff about its app’s troubling behavior, the company reportedly updated its terms of service and added that “Appsee might receive PII (Personally Identifiable Information).” GoPuff also added that “as an added precaution,” they have “pulled Appsee SDK from the latest Android and iOS builds” of their app.

Appsee throws GoPuff under the bus

For its part, however, Appsee is putting the blame squarely on GoPuff. Appsee’s CEO Zahi Boussiba told Gizmodo that his company’s terms of service dictate that their customers “must disclose the use of a 3rd party technology” and forbids them from “tracking any personal data with Appsee.” Boussiba then said that it appears that GoPuff violated their terms of service and misused their technology. “Once this issue was brought to our attention we’ve immediately disabled tracking capabilities for the mentioned app and purged all recordings data from our servers,” Boussiba told Gizmodo.

Google Play’s response

Now, the big question is this – how did this privacy violation make it through the Google Play Store anyway? Google Play’s policy clearly states that app developers must be transparent in how user data is handled by “disclosing the collection, use, and sharing of the data.” If shady practices like this can make it through the Play Store’s vetting system and apps can actually record your phone screen without your knowledge, how safe really is your data from hackers and malicious apps that may be taking advantage of this loophole and slip a fast one on everyone?

How to control your apps’ permissions

This is why checking for your app permissions regularly is a good security practice. Not only will it give you more privacy control and stop apps from potentially from spying and abusing your trust, it can also weed out apps that are constantly running in the background, which can, in turn, improve your gadget’s battery life. Fortunately, checking app permissions is not that hard. Here’s how you control your apps’ permissions both in Android and iOS.