• henfredemars@infosec.pub
    link
    fedilink
    English
    arrow-up
    5
    ·
    6 months ago

    That depends on how conclusive you need your proof to be.

    For example, you could run your phone software in an emulator and prove that your emulated microphone isn’t being accessed except when it should, because all attempts to access hardware are provided by your emulator. You would simply detect if this happens.

    You could debug the kernel on device to detect request to access the microphone hardware and correlate this data with user activities to show that it’s quite unlikely you’re being monitored.

    Perhaps you could insert physical probes into a real physical device to detect whether the application processor wakes up to service that data when you are speaking. If it doesn’t wake up, then you can reasonably argue that the data must not be getting stored or processed.

    In general, irrefutable proof will be difficult to acquire. As far as we know, most phones don’t listen to the microphone and record audio while the screen is locked. They have a coprocessor that does this but it wouldn’t have the memory to record more than a second or two and is used mainly for hotword detection.