Abstract
Video conferencing apps (VCAs) make it possible for previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. For the most part, users have accepted these apps in their personal space without much thought about the permission models that govern the use of their private data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what hap- pens to the microphone data when a user clicks the mute button in a VCA? We first conduct a user study to an- alyze users’ understanding of the permission model of the mute button. Then, using runtime binary analysis tools, we trace raw audio flow in many popular VCAs as it traverses the app from the audio driver to the net- work. We find fragmented policies for dealing with mi- crophone data among VCAs — some continuously mon- itor the microphone input during mute, and others do so periodically. One app transmits statistics of the audio to its telemetry servers while the app is muted. Using network traffic that we intercept en route to the teleme- try server, we implement a proof-of-concept background activity classifier and demonstrate the feasibility of in- ferring the ongoing background activity during a meet- ing — cooking, cleaning, typing, etc. We achieved 81.9% macro accuracy on identifying six common background activities using intercepted outgoing telemetry packets when a user is muted.
Jack West
PhD Student
I’ve been doing research all over the place before I landed on privacy. I have worked with cryptography, randomness, and fog computing while at Loyola. I have since migrated to privacy work which is now my main interest.