Apps can access the device microphone and record data. Appthority has TIs that find apps that may use or misuse audio data from the microphone. Improper handling of microphone recordings may disclose them to unintended parties.

Recommendation: Activate the Records Audio TI and evaluate whether the apps that trigger this TI are acceptable in your Org.

Can Access Microphone

The Can Access Microphone TI detects whether the app binary contains code that requests permission to use the microphone. This static analysis does not determine whether the user can accept or reject such access; it only indicates the ability to access the microphone.

There are many apps that access the microphone for legitimate reasons. The App Report evidence data description for an app that triggers this TI can reveal the reason for the access. For example “XXX app needs to access Microphone in order to transmit your voice to the called party.” This TI is ranked at Risk Level 2.

Can Record Calls

The Can Record Calls TI means that the app code requests permission to record phone calls. While this may be legitimate, some malware may use this permission to record calls and share with unintended parties. This TI is ranked at Risk Level 2.

Accesses Microphone for Advertising

The Accesses Microphone for Advertising TI indicates that the app accesses the microphone and uses a 3rd party advertising library that can transfer the data from the microphone to a 3rd party. Information sent to advertising libraries are not usually monitored by the original app, and enterprises normally do not have visibility into this kind of 3rd party data access.

While it is acceptable to access the microphone for in-app functionality, and while app developers may earn money for free apps by including advertising libraries, the benefit of using the app may not outweigh the risk of enterprise data leakage. This TI has a Risk Level of 6.

Records Audio

The Records Audio TI indicates that the app records audio using the microphone. During run time analysis, Appthority discovers that the app makes a dynamic API method call to access the device microphone and record the audio. This Threat Indicator is much more precise than Can Access Microphone, as it detects apps that do actually record audio via the microphone. It is ranked at Risk Level 6.