Document Type
Article
Publication Date
7-2022
Publication Title
The 22nd Privacy Enhancing Technologies Symposium
Volume
2022
Issue
3
Pages
373–393
Abstract
In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens to the microphone data when a user clicks the mute button in a VCA? We first conduct a user study to analyze users' understanding of the permission model of the mute button. Then, using runtime binary analysis tools, we trace raw audio in many popular VCAs as it traverses the app from the audio driver to the network. We find fragmented policies for dealing with microphone data among VCAs — some continuously monitor the microphone input during mute, and others do so periodically. One app transmits statistics of the audio to its telemetry servers while the app is muted. Using network traffic that we intercept en route to the telemetry server, we implement a proof-of-concept background activity classifier and demonstrate the feasibility of inferring the ongoing background activity during a meeting — cooking, cleaning, typing, etc. We achieved 81.9% macro accuracy on identifying six common background activities using intercepted outgoing telemetry packets when a user is muted.
Recommended Citation
Yucheng Yang, Jack West, George K. Thiruvathukal, Neil Klingensmith, Kassem Fawaz, "Are You Really Muted?: A Privacy Analysis of Mute Buttons in Video Conferencing Apps", In Proceedings of the 22nd Privacy Enhancing Technologies Symposium, 2022.
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright Statement
© The Authors, 2022.
Included in
Artificial Intelligence and Robotics Commons, Information Security Commons, OS and Networks Commons
Comments
Author Posting © The Author's, 2022. The definitive version of this work was published in the Proceedings on Privacy Enhancing Technologies, Volume 2022, Issue 3, pp. 373–393, https://doi.org/10.56553/popets-2022-0077.