Maybe I am going too deep in the weeds here, but what if it isn’t “recording”, but just listening in real time at which point the app is converting what it hears to text.
From the OS/device perspective, that's the same thing. When I talk about "recording", I mean the state where the device is reading data from the mic or camera and feeding it to a process. Because the reality is, as you surmise, there's no way to control that data once the app has read it. It can buffer it, it can upload it, it can do whatever. So all the gates are around access to the data coming from the mic/camera itself, not what the app says it wants it for.
To pull data from the mic or camera, you have to use AVFoundation to create a recording session. That returns an error if you haven't already established permissions. So the general flow is: Confirm permissions with OS, create session, read data. On the iPhone 16 and later (M4 iPads too?), and MacBook Neo, the indicator light is software driven, but controlled by one of the new XNU exclaves. This means it runs in its own secure environment separate from the kernel, and it writes directly to the screen framebuffer whenever audio data is requested by XNU. So here's what you'd have to do to pull data from the microphone on an iPhone 16/17 without the user noticing:
- Find an exploit that lets you run arbitrary code in the kernel. This gives you the ability to read the data without triggering the permission requirement, and is required for the second exploit.
- Find another exploit that lets you take over the exclave that handles the indicator and audio data, which can only be talked to by the kernel through a limited interface surface.
- Keep your tracks clean enough that Apple never notices and shuts the multiple security holes you just exploited, and third party security researchers also don't discover what you did. If the security hole you found does get closed, you need to find a new one ASAP. You are now in a game of cat-and-mouse with Apple for as long as you want to keep doing this.
Good luck with that. It's not impossible, but it's pretty damn hard. And Apple is practically a whole generation ahead of their competitors when it comes down to shutting down ways a malicious actor can get at your camera and microphone.
On older devices which can't use the exclave, you still need a kernel level exploit. And I've yet to run into a FAANG-level company willing to go that far for their advertising revenue. Especially when there's other means of piecing together the puzzle of you as an advertising target.
As for Hey Siri, the specifics there are a bit fuzzier since Apple
doesn't clearly articulate how the data here is secured. The wake word check does use the ANE to check to see if the audio data matches, and the exclaves do have a mechanism for farming work out to the ANE, which does suggest that the exclave at least
can handle wake word processing without XNU being directly involved. But the light only turns on when the wake word is heard, so the only real way this can work securely is that the exclaves control wake word processing, and then signals when it was said. Siri/etc then asks for mic data, and the exclave turns the indicator on at that point because data is now explicitly leaving the exclave for use by the kernel and apps.
While I know they have these measures in place with the iPhone, again, it clearly is not working. I have taken every known measure to ensure my mic is off and am quite aware of the light being on while it is supposedly recording.
The problem here is that there's enough information about the security model here that this is just flat out
improbable. As in, "target of a well-motivated nation-state willing to expend the effort on you" level of improbable. This is why folks like myself and Cmaier are pushing back on this claim. It's just orders of magnitude more likely some other signals/devices are involved, or some unexpected/unknown path, than someone like Facebook actively deploying kernel exploits in their mobile app that is mostly JavaScript.
I also don't agree that it's some how picked up on my scrolling or through any other means when there are very specific keywords I've only ever spoken, never typed or happened upon them like there is some sort of magic going on. It's not really a matter of who is right here, I am telling you point blank that this is exactly what has happened to me several times, there are also several other reports of this out there.
There's also reports of bigfoot out there, but it doesn't mean the bar has been met to prove the claim that bigfoot exists. And this isn't to discount your experience. I believe you when you say you've experienced these uncanny things, I am just dubious the
cause is what you claim without better evidence.
I still suspect that even in the worst case scenario that a twist on the "Don't Think About Elephants" idea is more likely than a mic hijack in your case. Which is to say, you encounter X (with the pixel trackers we're all familiar with), which makes you think about Y, you bring up Y while talking, and then start seeing the ads for Y as well. It's completely uncanny, but the root cause could very well be the fact that someone has a dataset out there showing the link between encountering X, and then going on to look for Y, and using that in their targeting algorithm. This is why I brought up the pregnancy article. These sort of "see/do X, trends leads to Y" patterns are harder for us to pick out as people (except when they are glaring enough that we can call them stereotypes), but even non-ML models can begin to pick them out in the aggregate data of many, many people. ML models can pull out more subtle patterns. And it doesn't even have to get it right more than say, 50% of the time to be downright disturbing when encountered.
