The makers of the music discovery app Shazam have promised a software update in the next few days, after it was uncovered that the current Mac version is always listening — even when it's supposed to be off.
The issue was discovered by Synack's R&D director, Patrick Wardle, who created an app called OverSight to detect when apps are accessing a webcam or internal microphone. Through this he found that Shazam is continuing to access the microphone at all times until people quit the app entirely.
The listening isn't malicious, and the app isn't saving, processing, or uploading the data when it's officially off, according to Motherboard, which spoke with both Wardle and Shazam. Instead the listening is meant to minimize buffering when people do choose to identify a song.
Speaking to CNET, Shazam's chief product officer Fabio Santini said that the situation is unique to the Mac app, and claimed that the recording data would be useless to a hacker even if there was something to access, since Shazam is only sampling a few points along a sound wave to create the "fingerprint" it uses to match songs.
"Those points can't be reverse-engineered to reconstruct original audio," Santini noted.
3 Comments
The level of condescension in the response in unbelievable. Seriously? You left the microphone on, when the user specifically said to turn it off, wasting power, and potentially, privacy breach, and all you can say is "oh, it doesn't matter?!" FUCK YOU, Fabio Santini and FUCK YOU, Shazam.
"The issue was discovered by Synack's R&D director, Patrick Wardle…"
I actually discovered this—and tweeted about it—a year ago, right after the app was released.