A few months ago, we talked about OverSight, a tool created by a former NSA engineer that, when installed on a Mac, immediately flags any “nosy” source that tries to capture an audio or video feed. The program has now generated its first controversy, and it involves the number one music recognition app in the world, Shazam. The controversy was loud enough that the developers have already committed to updating the app to eliminate the detected behavior.
It all started when a Shazam user on Mac noticed a series of OverSight alerts indicating that the utility was accessing the device's microphone even after it was turned off in its control window. The user then contacted Patrick Wardle, the creator of OverSight; the former NSA engineer, in turn, fully reverse engineered the app and posted his findings on his personal blog.
Basically, Wardle concluded that Shazam maintains access to the computer's microphone even when turned off, as a way to optimize the user experience by identifying music more quickly when the application is turned on. The app does not process, send or analyze any type of content while it is turned off; it only keeps some parts of the ambient sound to analyze when it is reactivated.
The creator of OverSight also notes that he does not believe there is any “malice” on the part of the developers in implementing this behavior in the application; on the other hand, it opens the door to malware that infects Shazam for Mac itself and silently gains unlimited access to the microphone. Ultimately, Wardle concludes, it is a mistake by the developers not to make it very clear to the user that the app continues to access the microphone even though it is turned off.
The Shazam team's reaction to the findings came in two phases. First, company vice president James Pearson told Motherboard:
“There is no privacy problem, since the audio is unprocessed unless the user turns on the app. If access to the microphone was not maintained, it would take more time for the application to start and start capturing audio, and this would more likely make a poor experience in which users would ‘lose’ a song they were trying to identify.”
In this writer's opinion, this justification does not hold up, since the application has a very large “on” or “off” switch and, if the user wants immediate identification of all the music in the environment, they can leave the application always in on mode. Otherwise, Shazam is turned off and, at least in theory, the app should stop having access to the microphone entirely.
So much so that company executives, after some time, seemed to realize the magnitude of the problem and walked back their position. Speaking to CNET, executive Fabio Santini stated that, “even without recognizing a significant risk”, the Shazam application for Mac will be updated in the next few days, this time actually shutting down when in off mode.