Adversaries may capture audio to collect information by leveraging standard operating system APIs of a mobile device. Examples of audio information adversaries may target include user conversations, surroundings, phone calls, or other sensitive information.
Android and iOS, by default, require that applications request device microphone access from the user.
On Android devices, applications must hold the RECORD_AUDIO permission to access the microphone or the CAPTURE_AUDIO_OUTPUT permission to access audio output. Because Android does not allow third-party applications to hold the CAPTURE_AUDIO_OUTPUT permission by default, only privileged applications, such as those distributed by Google or the device vendor, can access audio output. However, adversaries may be able to gain this access after successfully elevating their privileges. With the CAPTURE_AUDIO_OUTPUT permission, adversaries may pass the MediaRecorder.AudioSource.VOICE_CALL constant to MediaRecorder.setAudioOutput, allowing capture of both voice call uplink and downlink.
On iOS devices, applications must include the NSMicrophoneUsageDescription key in their Info.plist file to access the microphone.
| ID | Name |
|---|---|
| S0316 | Pegasus for Android |
| S0289 | Pegasus for iOS |
| S0318 | XLoader for Android |

| ID | Mitigation | Description |
|---|---|---|
| M1006 | Use Recent OS Version | Android 9 and above restricts access to microphone, camera, and other sensors from background applications. |
Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output.
In iOS 14 and up, an orange dot (or orange square if the Differentiate Without Color setting is enabled) appears in the status bar when the microphone is being used by an application. However, there have been demonstrations indicating it may still be possible to access the microphone in the background without triggering this visual indicator by abusing features that natively access the microphone or camera but do not trigger the visual indicators.
In Android 12 and up, a green dot appears in the status bar when the microphone is being used by an application.
Android applications using the RECORD_AUDIO permission and iOS applications using RequestRecordPermission should be carefully reviewed and monitored. If the CAPTURE_AUDIO_OUTPUT permission is found in a third-party Android application, the application should be heavily scrutinized.
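One way to automate the review described above, as an added example that is not part of the original page: a Python check that flags the audio permissions in an Android manifest and reads the microphone usage string from an iOS Info.plist. It assumes the manifest has already been decoded to text XML; the function names, the third_party flag, and the sample inputs are constructed for illustration.

```python
import plistlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions named on this page, with the review level the page suggests.
AUDIO_PERMISSIONS = {
    "android.permission.RECORD_AUDIO": "review",
    "android.permission.CAPTURE_AUDIO_OUTPUT": "scrutinize",
}

def audit_android_manifest(manifest_xml, third_party=True):
    """Return (package, permission, level) for each audio permission declared."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "<unknown>")
    findings = []
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            level = AUDIO_PERMISSIONS.get(name)
            if level is None:
                continue
            # Assumption: privileged (Google/vendor) apps only need normal review.
            if level == "scrutinize" and not third_party:
                level = "review"
            findings.append((package, name, level))
    return findings

def audit_ios_info_plist(plist_bytes):
    """Return the microphone usage string if the app declares one, else None."""
    return plistlib.loads(plist_bytes).get("NSMicrophoneUsageDescription")

# Constructed sample inputs (not taken from any real application).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAPTURE_AUDIO_OUTPUT"/>
</manifest>"""
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleIdentifier": "com.example.notes",
    "NSMicrophoneUsageDescription": "Record voice memos",
})

if __name__ == "__main__":
    for package, permission, level in audit_android_manifest(SAMPLE_MANIFEST):
        print(f"{package}: {permission} -> {level}")
    print("iOS microphone usage string:", audit_ios_info_plist(SAMPLE_PLIST))
```

An app whose stated purpose does not involve audio, like the constructed flashlight package here, is the kind of result worth escalating for manual review.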
In both Android (6.0 and up) and iOS, users can review which applications have the permission to access the microphone through the device settings screen and revoke permissions as necessary.