Is G+ native app’s camera feature an invasion of your privacy?

July 15, 2014

google plus nexus 5 2

In a Google+ post, I recently noted that the latest iteration of the G+ native app for Android automatically brings up a display with a live view of the device’s camera without user intervention, every time that a user goes to make a status update. As you can imagine, this immediately caught my attention.

The issue here is that there is a very real potential for abuse, as it seems that Google could easily enable recording on these devices. This would be especially problematic on a device like my 2012 Nexus 7, as there is no visual indicator that the camera is active.

After posting my misgivings about the potential security implications of this change, several users responded in defense of Google and the new feature. In an interesting twist, I’ve found most of the people who tend to vigorously defend Google in matters like this are often the most vocal opponents of similar behaviors by Microsoft. Let’s explore that a little.

google-plus-camera-watching

How much outrage, anger and press did we see over the idea that the Xbox One required Kinect and might be recording you persistently? Do a Google Search, it is one of the auto-suggest top hits. Type in “Xbox Kinect” and Google helpfully suggests that privacy is the most frequent next word searched. On the same note, a story from The Verge highlights some of the early concerns related to the Xbox One, Kinect and privacy.

This article warns:

Even when the console’s turned off, users can simply say “Xbox On” to power up — which means the new Kinect will be listening to you in your living room at all times.

Furthermore, the article ominously suggests:

When the first iteration of Kinect headed to the market in 2010, Microsoft’s Dennis Durken suggested to investors that the peripheral might pass data to advertisers about how you look, play, and speak. ‘We can cater what content gets presented to you based on who you are,’ he said, sparking privacy concerns.

Of course, people raising flags about Microsoft aren’t alone. We’ve also seen the alarm sounded on security issues related to Apple products. But Google has actually admitted their intention to record audio to help better target advertising. This is exactly the same kind of technology Microsoft suggested could be harnessed with Kinect. It is an extension of the opt-in technology that makes Google Now so powerful. The problem arises when persistently aware devices and apps become prevalent, like the Moto X.

The problem arises when persistently aware devices and apps become prevalent

These devices are basically remote drones that are always listening and running algorithms like those found in Shazam and Soundhound. Even Google Now has added audio recognition directly into the audio search capabilities – simply start a Google Now search while listening to music and then tap the blue icon of a note that appears, and Google will helpfully tell you the name of the song you are listening to and provide links to purchase it.

The problem is basically the same I countered critics with about  Google WiFi password cloud harvesting… I mean “automatic backup,” feature: Many users are not likely to know, understand, or realize the severity of what it means to allow Google — or Microsoft, or Apple, for that matter — to engage in this behavior. When features are enabled by default without requiring the user to opt-in, many will unknowingly consent to an invasive feature they might otherwise object to.

moto-x-touchless

Others may be exposed to the behavior of these devices without implicitly being able to opt-in or out. When a Moto X is persistently listening at all times – sending those recordings back to Google’s Cloud for analysis, imagine the potential for abuse by a government or a spying corporation that might compromise Google’s network. An unlikely conspiracy theory? I wouldn’t be so quick there. It isn’t your device you have to worry about, it is the person next to you and their device.

imagine the potential for abuse by a government or a spying corporation that might compromise Google’s network

As an IT policy, I’m not sure I want devices in my offices that are always listening and analyzing what is heard, or for that matter, seen. Likewise, politicians and businessman would be very nervous about the potential for abuse presented by devices with features like these. If you think the potential for unintentional abuse is overstated, it has already been reported that the implementation of this kind of listening technology in Chrome can already be exploited for malicious purposes.

In Google+ I received this response to my concern: “and yet you continue to use their products”. Yet again, I am reminded how frequently people are upset at Microsoft because of similar behaviors while lamenting, “the problem is that you don’t really have any choice.” I don’t understand how that is any different with Google at this point in their role in so much of the population’s daily life.

opt-in

Image Source: Mailbow

An easy solution: make consumers aware, and allow us to opt-in

The solution as always, is easy. Google could provide granular privacy control that requires users to acknowledge and opt-in to these features which are consistently controversial. Some who responded to my original post suggested, “it is a convenience, I am not going to limit my experience over conspiracy!” I think that is a fair response and if you want to opt-in for those kind of conveniences and reap the benefits as an informed  user, I think that is fine.

Google could provide granular privacy control that requires users to acknowledge and opt-in to these features which are consistently controversial

The point is that companies should do a better job of telling users about these potentially invasive features, and should allow us to make an informed choice whether or not we wish to use these features. Many bring smartphones into places where they would never bring another sentient person capable of listening, watching, recognizing and analyzing their behavior. I won’t go into any crass details, as I’m sure you can imagine a Moto X laying on a night stand, rolling its one electric eye, wishing that it was somewhere else.

This example illustrates that, increasingly, we must be aware that our digital devices are passing a threshold. They’re less like mindless devices that are there to do our bidding, and more like curious children soaking up all of our actions like a sponge, and maybe exposing those actions at embarrassing times.

I am critical and paranoid of these features regardless of if it is Apple, Microsoft, Google or any other vendor. Just because you think you have nothing to hide, doesn’t mean you should mindlessly submit to being constantly observed by corporations or the state. As Snowden’s revelations expose, the line between the two is becoming increasingly blurry. Google, like Apple and Microsoft, has illustrated that they will gather whatever data they can about us to better understand how to market to us. They’ve also illustrated that the data they gather can be compromised and exploited against us.

I don’t think it is unreasonable to suggest that if they’re going to turn the camera on in an app on my device automatically, I should always have the option to deny that.

Comments

  • Nathan Borup

    The moto x always listening function doesn’t harvest or send any data to the cloud… if it did, my phone would die within hours, and my data would go through the roof. All it is doing is listening for a trigger phrase… it is not constantly uploading the data of what it hears around me

    • jackharkness

      It does always upload the data of audio found “around” the Okay Google function. I just enabled always-on listening on my phone to see what the New Google Now had (not much), and it told me so.

      • Nathan Borup

        Correction: Not the audio around… only the audio after… which is the whole point. It is a google search, of course it’s going to be uploaded

        • jackharkness

          Do you even read the privacy policy?

          • Nathan Borup

            Dude… it can’t upload audio “around” OK google, only after. OK google is the trigger to begin recording, it doesn’t record before. Yes the audio before ok google is being processed, but it is not being uploaded

          • jackharkness

            Dude… The mic has to be “listening” to pick up “okay Google”. Which means it’s retaining a cache of what it heard beforehand.

  • Anothermuse

    Yawn….yes opt in should be the default. That should have been the end of the article.

  • Bradley Uffner

    Talk about turning a molehill in to a mountain.

    • marthasfortner

      before I looked at the check of $8543 , I accept …that…my neighbour
      woz like they say truley earning money parttime on their apple labtop. . there
      sisters neighbour has done this 4 only 19 months and by now cleared the debts on their house and bourt a gorgeous
      Ford . visit this site C­a­s­h­f­i­g­.­C­O­M­

    • takeyourpick

      thats where prophets like richard stallman come to mind. you sound like a mole not wanting to look beyond 2 feet. by the time there’s a problem, you’d be far too late. guys like richard stallman have been predicting a lot of things, and they got branded as conspiracy theorists and loons. these are very real issues, may not be for most people. by the time everyone wakes up, you might have lost the right to think/ protest against incumbents.

      • PiddlyD

        It is tough taking these positions, by the way. I told the editors that I fully expected to take a beating for putting my name on this article. I’ve been through this gauntlet before.

  • lith

    Facebook Messenger has this same feature. Just so everyone’s aware.

    • PiddlyD

      Can you give me more details on this, Lith, so I can recreate it myself?

      • Ben Edwards

        Open messenger, start a conversation with someone and click on the camera button at the bottom of the screen. Launches the camera across the bottom half of the screen.

        It’s not quite the same thing because you physically have to choose to launch the camera though.

        • PiddlyD

          Ah… I see… and yeah, it makes more sense that if I am already *in* a conversation and I specifically *press* the camera that I’m bringing it up to either have a video chat or to send an image.

          It doesn’t seem quite the same as “I’ve hit Status Update” for a general message to “everyone” and we’ll launch a live camera window immediately. But there again is a solution. Have that camera icon, but have the live stream of video start the minute I click on it and indicate that is what I want.

          Right? Isn’t that the fundamental difference between how this is handled between the two different apps?

          • Ben Edwards

            Yip, I agree completely. Having the camera accessible isn’t necessarily a problem in itself, it’s just launching automatically that I don’t think seems quite right. FB have handled it perfectly with the messenger app (IMO anyway).

  • TedPhillips

    the android framework has had some protection for camera abuse for some time: your concern about the silent camera usage by G+ is a bit off; it’s my understanding the framework requires the live view to be drawn on teh screen to enable a capture (though recently this was pointed out to be defeatable because you could shrink the view to 1 pixel in size, where it would be unnoticeable) Additional protections are expected, and in the interim, [app opps and] conscientious app selection are still the best practice. Don’t install/enable apps you aren’t comfortable with, and if Google’s services freak you out, you should consider a shift in platform/rom.

    • PiddlyD

      Ted, while I appreciate you giving the most informed and educated response so far in this forum – I think that the answer “If Google services freak you out, you should consider a shift in platform/rom,” is a bit simplified.

      I went out of my way to illustrate that this isn’t necessarily a problem limited just to Google or Android platforms or apps, and I think the whole “if you don’t like it, go to some other platform,” thing is a dangerous precedent to start throwing around.

      5 or 10 years ago, that is the kind of thing we would have heard from a Microsoft supporter. Then people started taking that advice.

      Your argument is really no different than what I heard about WiFi password uploads to Google servers when I broke that story in 2011. “If you don’t like it, don’t enable it…”

      Back then I maintained, “why can’t Google allow me to select what I want to back up and not in a granular manner?”

      Likewise now, why can’t Google allow me to select which features of my device then can activate automatically in a more granular manner? Is that unreasonable to want as a consumer?

      • TedPhillips

        Every request like that is a feature and has [sometimes non obvious] significant overhead, you can make noise to boost priority externally but they need to fit in with the needs and priorities of the business. Meanwhile, what you are asking for is already offered by other android ROMs; I’d say that is what Google has already ‘delivered’ to you by having android be open source, what they offer in their builds is for what they consider mainstream/ease of use. No other major mobile platform gives you that choice. My comment, at the end of the day, is that if you are using G+, or gmail, or some other google service (and not strictly AOSP) – you should have already reconciled that by using the service, you are giving google some information. Giving them nothing, and taking everything, Google would go out of business.

        So, I’d say the comparison to a MS groupie is bunk. (choice of platform != choice of platform or rom)

        You seem pretty technical, so baked in granularity seems all upshot; but to non technical people, it adds confusion. There’s plenty of evidence of this if you take a look at app reviews. I say this as someone who already does use app ops for granular control.

        The other thing you could look for, is a 3rd party client app. Those can only exist successfully where a public api is offered (and that can only happen when it is advantageous to the business).

        • PiddlyD

          Ted…

          Shouldn’t a little If/Then routine handle this.

          “If $ = disable then LiveCameraOnStatusUpdate = 0″

          “If $ = enable then LiveCameraOnStatusUpdate = 1″

          I mean, if that adds too much code, just take out the var livefeedonstatusupdate out completely – that will free up more resources in tight code and make the G+ app run easier on system resources and battery, anyhow. Right?

          I don’t think offering the consumer unfriendly features on the main distro and suggesting, “if you want a more consumer friendly version, there are custom ROMs,” is a fair response, either. I suppose you may have a point… the security paranoid DO at least have an option of seeking a more security conscious ROM distro with an Android device. So, a point for Android here compared to iOS and Microsoft’s platforms. I just think that really leaves the people who need an EASY answer and don’t have the technical expertise to seek the difficult solution with no other choice but to submit – which again, is the same basic criticism I’ve seen a million Android fans level against Microsoft… forcing consumers into a situation where they have no choice but to sacrifice their security for convenience.

  • Johnnie ‘Walker’ Katsoukis

    Oh mommy look google is always watching my window!!!ffs ppl!!

  • Thomas W. Shinder MD

    I don’t do Google searches, I use Bing.

    • Daniel DS

      You’re on the wrong website then.

      • MasterMuffin

        #altavista4life

      • PiddlyD

        I’d hope that just because this site is Android oriented that this doesn’t mean the majority of readers would be loyal to Google search even if say, Microsoft – eventually offered a better alternative.

        I once swore by Windows Phone before I became an Android user. Windows Phone lagged, and Android surged ahead, and they won (and have kept) my business.

        In order to maintain my business on ANY platform, that platform has to continue to beat the competition. I’ll use iOS or Android or Windows Phone or Windows 8.x depending on what works best for me. The same thing applies for Google or Bing, or GMail or Hotmail…

        • kg2105

          Yeah but have you actually tried bing? I’ve used bing maps and bing search multiple times, they are a joke compared to google search and google maps. The search results weren’t as relevant, and bing maps was clunky and wanted me to take a weird route. So let’s cross that bridge when we come to it, if Microsoft ever gets their act together.

          • PiddlyD

            Ok. Fair enough.

            I have tried to use Bing… and honestly there are SOME cases where I’ve found it to return better results. But overall, my gut reaction is still to go right to Google for almost all of my searches. Generally speaking if I’m having a lot of difficulty with a Google Search, I’ll fall back to Bing as a secondary. Maybe a couple times out of 10 I’ll actually find some relief there.

  • MasterMuffin

    If there was an option, most people would just press “Ok” without thinking (in G Now, the “enable” button is big and colorful and “no thanks” button is small and gray). Making the user accept EULA never works either, nobody reads that. Then again, they can’t explain it with few short sentences either, because they could get sued (gotta have that 10 pages of text to make sure everything’s covered). Not saying there shouldn’t be the possibility to opt in/opt out, because those who are paranoid would find it no matter where it is, but it wouldn’t help most people IMO, because they (like me) don’t even care.

    • Ben Edwards

      Then that’s the users fault though, at least Google have covered themselves by making it an option.

  • Ben Edwards

    This seems a little intrusive, although somewhat similar to what the FB Messenger app does as well. Either way, not too fussed because I don’t use G+ and don’t plan on using it any time soon.

  • http://www.cparker15.com/ Christopher Parker

    “Is G+ native app’s camera feature an invasion of your privacy?”

    No.

    • takeyourpick

      cant speak for everyone I suppose. if it works well for you, good for you..

      • http://www.cparker15.com/ Christopher Parker

        In order to be an invasion of privacy, privacy has to be invaded. Meaning a recording actually has to be made, or a picture actually has to be taken, without the user’s consent. This is not done. Instead, a thumbnail of what the camera sees is displayed to the user. It’s a pass-through view.

        If the act of displaying something that you can already see to just you on your screen is a violation of your privacy, then you’ve got bigger issues than the UX design considerations of a social networking app.

        • PiddlyD

          Google storing all WPA password keys from all Android devices in their cloud, potentially encrypted, wasn’t a problem – until the NSA developed an explot to intercept encrypted traffic on Google’s internal network at the point where it was un-encrypted. When Google engineers found out about this exploit, they famously responded,

          “Brandon Downey, a security engineer with Google, was livid, saying:

          Fuck these guys.

          I’ve spent the last ten years of my life trying to keep Google’s users safe and secure from the many diverse threats Google faces… But after spending all that time helping in my tiny way to protect Google — one of the greatest things to arise from the internet — seeing this, well, it’s just a little like coming home from War with Sauron, destroying the One Ring, only to discover the NSA is on the front porch of the Shire chopping down the Party Tree and outsourcing all the hobbit farmers with half-orcs and whips.”

          Which is great, that Google engineers think the NSA is Sauron and they’re sorry they’ve sold us out like Gollum ratting Frodo out to the Necromancer.

          http://www.theverge.com/2013/11/6/5072924/google-engineers-issue-fuck-you-to-nsa-over-surveillance-scandal

          That doesn’t help us once the government has compromised our data because they outsmarted Google.

          So once again I ask… do you want Google designing an app that AUTOMATICALLY turns on your live video feed without any kind of user notification or opt-in/out policy in place?

          Seriously. If you didn’t learn THAT time, I suppose it is no surprise that you don’t want to learn this time, either.

          • http://www.cparker15.com/ Christopher Parker

            If there were an actual transmission of the video feed back to Google’s servers, then I would absolutely have an issue with this. However, that’s not the case, and the thumbnail acts as a viewfinder on a camera and little more. Anybody concerned about this probably has their tinfoil hat on a little too tight.

          • PiddlyD

            “Anybody concerned about this probably has their tinfoil hat on a little too tight.”

            I heard the literally the same thing in 2011 when I wrote:

            http://www.techrepublic.com/blog/it-security/update-google-knows-where-youve-been-and-they-might-be-holding-your-encryption-keys/

            In 2013, the above blog went suddenly viral when David Horowitz wrote this blog for Defensive Computing in Computerworld:

            http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world

            The difference was that between 2011 and 2013, Edward Snowden revealed that the NSA spying on America was unprecedented and included willing collaboration and unwitting security compromise of information industry giants like Google. In 2011, when I was making the original claims, people said it was paranoid to suggest that the scope of US intelligence gathering was so broad or invasive. In 2013, it was almost certain that the NSA had access at some point to all of those WiFi passwords, and in fact, Google had also geolocated which WiFi passwords went to which routers by longitude and latitude. Heck… my paranoid conspiracy theories were not ambitious enough.

            I think the problem is that not enough people have their tinfoil hats on tightly enough.

            Here is a cut and paste of part of a conversation from G+ that takes a step toward justifying why being a little paranoid of Google is probably not a bad idea:

            Donovan Colbert
            5:42 AM+
            1
            2
            1

            Also – Google has this reputation for really wanting to be able to gather unique consumer data into their data warehouses for mining whenever they get the opportunity. We already know their automated algorithms snoop around in our e-mail to target market to us. They didn’t pay more than market value for NEST just to be nice to the people at that company. They’ve got an INTEREST in knowing when you’re home, what temperature you keep your house at, and all the other metadata that a NEST system will generate about your private life. They see the value in Nest as beyond just the revenue these devices will generate. It is the data that they’ll generate too.

            So… I’m a little wary when Google starts turning the cameras on my devices on for no really good reason. I think that might be a prudent concern with Google.

            Heck, really… it is metadata analysis of Google’s behaviors and patterns that elevates this from a trivial feature to something that warrants just a little more concern. Looking at ALL of Google’s actions, you get a picture of what their goal is. Once you understand their goal (to collect metadata about you to better understand YOUR actions)…

            Then this little trivial feature becomes something that I think warrants more attention.

  • AnonGuy

    I only use Google+ for managing Photos (trialing it out) because I actually think a photos is one of the best Gallery+Editing apps on Android. I don’t follow anyone or post anything there. My wish is that they’d separate photos from the Google+ service as a Picasa replacement that stands on its own so that I can disable it altogether and still use Photos. I may go back to Skydrive, since WP8.1 is rolling out I’ve been thinking of going to that platform. It works better with Windows 8.1.

  • ziplock9000

    Silly article. They could theoretically turn it on any time if they wanted to eavesdrop.