[ShaneGoodman]

Greeting,

I'm getting messages saying "Sensitive permission accessed". When I tap for details, it says SoundHound accessed the microphone. SoundHound isn't running. I get this message about every sixty seconds.

How can I be getting these alerts when SoundHound isn't running?

[conite]

Greeting,

I'm getting messages saying "Sensitive permission accessed". When I tap for details, it says SoundHound accessed the microphone. SoundHound isn't running. I get this message about every sixty seconds.

How can I be getting these alerts when SoundHound isn't running?

Go to Power Centre and turn off SoundHound from starting in the background.

[bb10adopter111]

Greeting,

I'm getting messages saying "Sensitive permission accessed". When I tap for details, it says SoundHound accessed the microphone. SoundHound isn't running. I get this message about every sixty seconds.

How can I be getting these alerts when SoundHound isn't running?

It's telling you that some process tied to SoundHound is accessing that permission ven though the app is not active.

Z10 = BB10 + VKB > iOS + Android

[ShaneGoodman]

Go to Power Centre and turn off SoundHound from starting in the background.

Thanks. I couldn't find anything in Settings. I never thought to try the Power Centre.

I tapped Power Centre > Manage automatic apps, and switched SoundHound to Off.

I will let you know how it goes.

Shane.

[chetmanley]

For anyone who might be interested, SoundHound has a great deal of tracker software embedded (18 different ones). I took a quick look for interests sake and it has trackers from the following data collection companies:

1 from ComScore
6 from Google
4 from Facebook
1 from Houndify
1 from Integral Ad Service
1 from Localytics
1 from Moat
1 from Twitter MoPub
1 from Quantcast
1 from Branch

Digging through these I found references to the following types of data collection:

Street, City, State and Country
Precise Coordinates
Time zone
DeviceID, Device Name, OS Version
Language
Geofencing and location tracking
Phone brand and model
User name, age, gender
Local IP address, WIFI SSID, and Network Provider

Something SoundHound is collecting which they've described in a string as "firstPersonSelf" and "firstPersonSpoken"

It connects to the following servers:

graph.facebook.com
profile.localytics.com
analytics.localytics.com
manifest.localytics.com
secureapi.midomi.com
data.midomi.com
api2.branch.io
m.quatcount.com
crashlytics.com
scorecardresearch.com
ads.mopub.com
soundhound.com
api.midomi.com
search.midomi.com


There are 3315 sub components/classes of these 18 trackers in the SoundHound app. So I'm sure there's some I'm missing.

[ShaneGoodman]

The only permission I gave SoundHound was Microphone. You're telling me it is collecting:

• Street, City, State and Country
• Precise Coordinates
• Time zone
• Geofencing and location tracking

How can it do this? It does not have the Location permission.

Shane.

[conite]

The only permission I gave SoundHound was Microphone. You're telling me it is collecting:

• Street, City, State and Country
• Precise Coordinates
• Time zone
• Geofencing and location tracking

How can it do this? It does not have the Location permission.

Shane.

This is how "free" apps earn revenue.

Use Blokada to block the trackers.

https://blokada.org/

[ShaneGoodman]

This is how "free" apps earn revenue.

So, you're saying that the paid version of SoundHound doesn't track you?

[conite]

So, you're saying that the paid version of SoundHound doesn't track you?

Doubt it.

[chetmanley]

The only permission I gave SoundHound was Microphone. You're telling me it is collecting:

• Street, City, State and Country
• Precise Coordinates
• Time zone
• Geofencing and location tracking

How can it do this? It does not have the Location permission.

Shane.

It does this by collecting Cell Tower IDs, Wifi SSIDs and Bluetooth Beacons and your IP address. Another way to track user location is by using the device accelerometers to capture how the device moves from one known location, to another location to provide approximate location tracking.

All of which have nothing to do with location services directly.

From their Privacy Policy https://www.soundhound.com/en/privacy

Location Information. ​ When you use the Services, and when you have enabled such collection in your device or App settings, we may collect location information that your mobile device or browser provides. Depending on how you access the Services, we may receive precise geolocation information from GPS, WiFi, or cell tower location, or rough location information.

And keep in mind, this policy only covers Sound Hound, it does not cover off the other 17 tracker companies which have their own trackers embedded.

[ShaneGoodman]

Go to Power Centre and turn off SoundHound from starting in the background.

I have prevented the app from running in the background, however, I'm still getting the alerts after I manually start the app. In the past, I would only get the alert after tapping the icon to turn on song recognition. Now, the app is listening all the time.

Shane.

[conite]

I have prevented the app from running in the background, however, I'm still getting the alerts after I manually start the app. In the past, I would only get the alert after tapping the icon to turn on song recognition. Now, the app is listening all the time.

Shane.

Funny. I get no background events at all. Did you install Blokada?

[chetmanley]

I don't think @ShaneGoodman is describing background events, but foreground events which are happening as soon as the app is opened, without pressing the record button. I saw the same behavior when I was testing it.

This may be caused by a setting I recall seeing which had something to do with "pre-recording"?

I've since deleted this app, but maybe there was a version update which changed the microphone behavior.

Try turning off this "pre-recording" setting and see if it continues to activate the microphone before user interaction.

[ShaneGoodman]

I don't think @ShaneGoodman is describing background events, but foreground events which are happening as soon as the app is opened, without pressing the record button. I saw the same behavior when I was testing it.

Since the app wasn't running, I assumed they were background events. However, I see now that they are recorded as Foreground events:

This may be caused by a setting I recall seeing which had something to do with "pre-recording"?

There is a "Pre-Listening" setting. I turned it off.

I've since deleted this app, but maybe there was a version update which changed the microphone behavior.

I tried deleting it as well. I reinstalled it from Google Play, which gave me version 9.3.4b-#659.a21-d8126a61

Try turning off this "pre-recording" setting and see if it continues to activate the microphone before user interaction.

I'm waiting to see if that worked.

[ShaneGoodman]

It didn't work.

I sent an email to SoundHound support.

[bb10adopter111]

This is how "free" apps earn revenue.

Use Blokada to block the trackers.

https://blokada.org/

Which is why I avoid most free apps, excepting those from very trusted groups with a clearly articulated business model and privacy policy that makes sense!

In the event I want to use an app like SoundHound (which has some nice features), I typically download it, use it, and uninstall it immediately. I do that for ALL loyalty apps, as I don't need the Panera app when I'm not ordering from Panera!

Z10 = BB10 + VKB > iOS + Android

[chetmanley]

Which is why I avoid most free apps, excepting those from very trusted groups with a clearly articulated business model and privacy policy that makes sense!

In the event I want to use an app like SoundHound (which has some nice features), I typically download it, use it, and uninstall it immediately. I do that for ALL loyalty apps, as I don't need the Panera app when I'm not ordering from Panera!

Z10 = BB10 + VKB > iOS + Android

Unfortunately, during that brief window of usage, it's highly likely that the app has already collected and transmitted identifiers like your;

Device Name and ID
IMEI and MAC (I've read that Android 10 does not allow apps to access permanent device identifiers anymore?)
Cell Provider and cell tower IDs
IP address
Nearby WIFI hotspots including the one in your house and all of your neighbors' - which provides your location even with GPS off
List of other applications installed.
If the device has Google Play Services installed and running, then it would also collect your Google Play User ID and use that to track your usage between other apps from Google Play which have been installed with the same ID.

For me, learning what a particular song is called isn't worth that trade off.

If a particular application / spyware app absolutely needs to be installed and run, then using Netguard can help to mitigate some of the data collection by first severing the newly installed application's connection to the internet. When the App is then opened for the first time, the user can monitor and record all the connection attempts. From there, all of the servers known to be associated with data collection can be blocked individually, while allowing only the essential connection(s) through for the application to function.

In this case, I would start by blocking the following

graph.facebook.com
profile.localytics.com
analytics.localytics.com
manifest.localytics.com
api2.branch.io
m.quatcount.com
crashlytics.com
scorecardresearch.com
ads.mopub.com

And the following would be questionable - they are related to SoundHound, but it's difficult to tell if they are for data collection, or genuine app functionality. Only way to tell is to see if the app works while they are blocked, if not, individually unblock until the app works.

api.midomi.com
search.midomi.com
secureapi.midomi.com
data.midomi.com
soundhound.com

[bb10adopter111]

Unfortunately, during that brief window of usage, it's highly likely that the app has already collected and transmitted identifiers like your;

Device Name and ID
IMEI and MAC (I've read that Android 10 does not allow apps to access permanent device identifiers anymore?)
Cell Provider and cell tower IDs
Nearby WIFI hotspots including the one in your house and all of your neighbors' - which provides your location even with GPS off
List of other applications installed.
If the device has Google Play Services installed and running, then it would also collect your Google Play User ID and use that to track your usage between other apps from Google Play which have been installed with the same ID.

For me, learning what a particular song is called isn't worth that trade off.

I agree completely with you re: SoundHound not being worth it.

But a onetime snapshot of several data points (such as local cell towers) is a lot better than frequent or continuous monitoring.

One of the reasons I don't provide my carrier, Android or Google with my real identity is so that I don't have to worry as much about my personal information being mined by an app. It's also why I put my phone in a Faraday bag and don't use it near my house. (I have other devices for use at home.)

Thank you for your detailed research on SoundHound's super aggressive data collection. If apps like this were forced to be completely transparent about their practices, I wonder how many of them would survive. Not many people I know would knowingly provide that much information just to find the name of a song.

Z10 = BB10 + VKB > iOS + Android

[ShaneGoodman]

I got an email back from SoundHound saying "Our team is aware of this issue, and we're currently working to resolve it."

[ShaneGoodman]

SoundHound has been updated to version 9.3.5 and it seems to be working now.