Microphone privacy concern
-
Hello everyone,
I realized a privacy concern about microphone that concerned unsuspended whatsweb, and whatsnew, but that could possibly concern many other webapps, or even regular apps.
The concern is that when running those webapps with microphone permission allowed and unsuspended to get notifications, then the subjacent website (in that case whatsapp) can effectively spy on your microphone at any moment, while your phone is suspended and the screen turned off, without you even being notified about that.
I'm going to see what I can do, on the application side, but it's not easy as it seems chromium engine does not allow easily to switch on and off the microphone in the webview, whether we are using electron or on Qtwebengine. You can chose to give or not the permission for the microphone, but when it's given it's hard to revoke without reloading the whole application.
Here are some possible features that could be useful, on the side of the OS:
- Add an icon to the systray when an Application is recording the microphone as KDE does.
- Add an option to disable the microphone for all apps (except maybe the phone app) when the phone is suspended.
- Or Even add an option to automatically diable the microphone for apps that are not in foreground (maybe except if they have a background microphone authorization)
- Add some tools for the apps themself to be able to know wether or not they are recording, and enable/disable or mute/unmute the microphone for themself a the level of pulseaudio. This should be accessible even for a confined app, and through shell command so that is universal.
Any thought on that?
-
I really think that ideally there should be two distinct permissions for the apps:
-
Foreground Microphone: The app can only access the microphone when it is foreground, that would be sufficient for most apps.
-
Background Microphone: That would be usefull for only a small minority of very trusted apps , like phone apps that may need to maintain a call while the phone is suspended.
But it's very different to give the opportunity to spy on the microphone at any moment which is a critical permission, and to allow the app to use the microphone while on foreground which is what most app would need and is way less critical.
-
-
@pparent other then that i totally agree, it might also be a good idea to add like only permission when you need it, why give whatsnew permission to access my microphone all the time? i could also just give it permission when i access a microphone requiered token? even if it is in the forground i barely need it to use my microphone at all.
so that could look like app development:
Forground permission,
Background permission, which i would only need during rare phone calls? and i suposse not even then since it will activate to the forground?and user side:
once or trusted. -
@nbdynl before i continue, append this to camera / location and if possible networking as well.
we want a one time approval option, as well as foreground only. only system apps (like Phone app) should be eligable for background access for services microphone/camera by default, devision as follows:
only phone (the app) has background access to microphone by default
camera should not be accessible on background by default. (any app)
location should not be accessible on background by default (any app)
networking should not be accessible on background by default ,push notifications goes through a push server so not affected if im wrong this can be ammended (any non system app)
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login