Technology

Is your smartphone spying on you without you even knowing it?

Published

2 years ago

April 14, 2024

Is your smartphone spying on you without you even knowing it?

Researchers at MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) recently revealed a startling new privacy threat.

Our smartphones’ ambient light sensors might be turned into makeshift cameras.

A woman on her iPhone (Kurt “CyberGuy” Knutsson)

From brightness adjustment to privacy invasion

Ambient light sensors are commonplace in smartphones, primarily used to adjust screen brightness according to environmental lighting. However, CSAIL researchers have demonstrated that these sensors could potentially be repurposed to capture images of a user’s surroundings.

By employing a computational imaging algorithm, they managed to recover environmental images from the perspective of the phone’s screen, utilizing only the light intensity data from these sensors.

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER

Two people looking at their iPhones (Kurt “CyberGuy” Knutsson)

A comprehensive privacy threat

The implications of this discovery are far-reaching.

“Ambient light sensors are tiny devices deployed in almost all portable devices and screens that surround us in our daily lives,” notes Princeton University professor Felix Heide. The study underscores a privacy threat that spans a broad spectrum of devices, previously underestimated in its potential impact.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A person on a cell phone (Kurt “CyberGuy” Knutsson)

Gesture interception and interaction capture

Beyond static images, the study suggests that ambient light sensors could intercept user gestures, like swiping and sliding, capturing interactions with phones during activities such as video watching. This capability challenges the belief that ambient light sensors are harmless in terms of private data exposure.

An iPhone (Kurt “CyberGuy” Knutsson)

MORE: BEST WAY TO PROTECT YOUR DEVICES FROM GETTING HACKED

The call for tighter permissions

Yang Liu, a Ph.D. candidate at MIT EECS and CSAIL, warns that ambient light sensors, in conjunction with display screens, can capture our actions without consent, posing significant privacy risks. The researchers urge operating system developers to tighten permissions for these sensors, reducing their precision and sampling rate.

Person on an iPhone (Kurt “CyberGuy” Knutsson)

Looking ahead: Designing for privacy

To mitigate these security concerns, the study proposes granting users control over ambient light sensor permissions akin to camera permissions. Additionally, future device designs might include ambient light sensors positioned away from the user, such as on the side of the device, to prevent unauthorized visual data capture.

While the study’s findings prompt a reevaluation of sensor permissions and design, it’s equally important to recognize the broader context of smartphone security vulnerabilities. Let’s delve into the realm of spyware, another pressing concern where even the most vigilant users can find themselves compromised.

A woman talking on her cell phone (Kurt “CyberGuy” Knutsson)

Understanding spyware vulnerability on your smartphone

You might not realize it, but your phone could be more exposed to spyware than you think. Just a small slip-up while you’re browsing the web, and you could accidentally invite a cyber-spy into your life. If you’re an Android user, be extra cautious. Your phone is usually more at risk than iPhones.

But here’s the kicker. Even if you’re super careful, you’re not totally out of the woods. If you don’t update your phone’s software regularly or if you’ve jailbroken it, you’re playing with fire. Here are some telltale signs of spyware on your phone.

A woman on her smartphone (Kurt “CyberGuy” Knutsson))

MORE: SNEAKY SPYWARE IS AFTER YOUR MOST SENSITIVE DATA

The telltale sign of spyware on your phone

Is your phone acting strange? Here are the telltale signs of spyware on your device.

Unusual noises: Beeping, faint voices or static during calls might not just be network issues. They could signal an eavesdropping attempt.

Performance lags: If your phone suddenly slows down or the battery drains rapidly, spyware might be hogging your resources.

Sensors activate unexpectedly: Modern smartphones signal when cameras and mics are in use. If this happens sans your input, investigate promptly.

Mysterious apps and files: New, unrecognizable apps or files might indicate that your phone’s security has been breached.

Excessive pop-ups and spam: An uptick in ads, error messages or scam texts may be adware, a common companion to spyware.

Overheating issues: Like performance lags, overheating can suggest that spyware is overworking your phone’s internals.

Smartphone on the seat of a vehicle (Kurt “CyberGuy” Knutsson)

MORE: MALICIOUS ANDROID SPYWARE DETECTED IN OVER 100 POPULAR APPS

Several steps you can take to protect yourself from spyware on your smartphone

1. Have good antivirus software: Yes, antivirus protection can help detect and disable spyware on your smartphone. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

2. Remove unfamiliar apps and files: If you suspect your phone has been hacked, promptly remove any unfamiliar apps.

3. Restart your device: Rebooting your phone can sometimes stop spyware from running.

4. Update to the latest software: As mentioned before, updates can patch vulnerabilities.

5. Be cautious when browsing: Avoid clicking on suspicious links or downloading files from untrusted sources.

6. Update your phone regularly: Updates often include security patches that can help protect your device from spyware and other vulnerabilities.

7. Don’t jailbreak your phone: Jailbreaking removes security restrictions that can make your phone more susceptible to spyware.

8. Look for unusual activity: This includes unusual noises during calls, performance lags, unexpected sensor activation, mysterious apps or files, excessive pop-ups and overheating.

9. Delete unwanted or unused apps: Some apps use your device’s camera and microphone and collect your data even while it is not in use. Getting rid of unused apps frees up storage space on your phone and declutters your lock screen. It can also eliminate one more potential app that might be collecting information from you unknowingly.

On an iPhone:

Hard press the app icon of the app you want to delete
Select Remove App
You’ll be prompted to confirm your decision in the next window by tapping Delete App
Then again by tapping Delete

 On an Android:

Go to the Google Play Store app
At the top right, tap the Profile icon
Select Manage apps & devices, click Manage
Select name of the app you want to delete
Select Uninstall

Android settings may vary based on the manufacturer’s settings.

While it may seem like an extra effort to review and change your apps’ permission settings, it’ll give you more peace of mind knowing which apps have access to specific device functions and data. Most devices now have a dedicated part of their settings to view which apps are using the different functions of your phone and what data it has access to.

10. Changing camera settings: It may seem simple to just give access to your camera to certain apps. This way, you can easily use the camera function whenever you pull up the app to use. There are, however, apps that do not need access to your camera to function. Does your navigation app need access to your camera even when it is not in use? Take back control of your camera by using the steps below to find out which apps have access to your camera and turn it on or off.

On an iPhone:

Go to Settings
Scroll down and select Privacy or Privacy & Security
Select Camera
You can see which apps have access to your camera. Of course, you can leave the apps where it makes sense to have access to your camera toggle on. For apps that do not, you can toggle access off (it will be grayed out)

On an Android:

Android settings may vary based on the manufacturer’s settings.

Open Settings
Select Apps
Select the app you want to change (If you can’t find it, select ‘See all apps’)
Select Permissions to view if you allowed or denied any permissions for the app
To change a permission setting, select it, then choose Allow only while using the app, Ask everytime or Don’t allow

11. Restrict camera and microphone permissions: Restricting camera and microphone permissions can make it more difficult for spyware to access these features.

On an iPhone:

Go to Settings
Scroll down and select Privacy or Privacy & Security
Select Microphone
You can see which apps have access to your microphone. Of course, you can leave the apps where it makes sense to have access to your microphone toggle on. For apps that do not, you can toggle access off (it will be grayed out)

On an Android:

Android settings may vary based on the manufacturer’s settings.

Open Settings
Select Apps
Select the app you want to change (If you can’t find it, select ‘See all apps’)
Select Permissions to view if you allowed or denied any permissions for the app
To change a permission setting, select it, then choose Allow only while using the app, Ask everytime or Don’t allow

MORE: NEWLY IPHONE SPYWARE TOOL SOLD TO GOVERNMENTS FOR TARGETED SURVEILLANCE

Kurt’s key takeaways

In a world where our smartphones are virtual extensions of ourselves, the discoveries at MIT’s CSAIL cast a new light on what we often take for granted. As we navigate the delicate balance between convenience and privacy, it’s clear that the devices we depend on daily harbor capabilities far beyond their intended use, prompting a necessary conversation on security, awareness and the evolving landscape of digital privacy.

With the revelation that devices we use daily, like smartphones, can be exploited in ways that compromise our privacy — such as converting ambient light sensors into makeshift cameras — what steps do you believe technology companies and governments should take to protect personal privacy? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you’d like us to cover

Answers to the most asked CyberGuy questions:

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Technology

Want to link from Google’s app store to your app? That’ll be $2–4 per install

Published

1 hour ago

December 19, 2025

Press Room

Want to link from Google’s app store to your app? That’ll be –4 per install

Today was the deadline for Google to reveal how it’s complying with Judge James Donato’s order to crack open Android for third-party app stores, stop illegally tying its Google Play Billing system to its app store, and let developers link to ways to download their apps outside the Play Store in the US.

But Google isn’t just letting app developers do things however and whenever they’d like. The company’s quietly updated its support pages with a January 28th deadline to enroll in specific Google programs for “alternative billing” and “external content links” — and these programs will come with large alternative fees of their own, assuming Judge Donato doesn’t opt for Epic and Google’s proposed settlement instead.

While it isn’t collecting fees yet, Google says it will charge developers $2.85 for every app and $3.65 for every game a user installs within 24 hours of clicking a link that takes you outside Google’s app store to download them outside the Google ecosystem.

Plus, it’ll take a 20 percent cut of any in-app purchases and 10 percent of any auto-renewing subscriptions. Apps still need to be submitted to Google for review, use a Google API to track them, and developers have to report all transactions (including $0 free trials) if they want to participate.

Google’s service fees for external links.

Image: Google

Meanwhile, developers who want to offer their own billing solutions will only get a 5 percent discount compared to Google’s current fees, likely making it not worth the effort to try alternative billing at all. Google will charge 25 percent for in-app purchases and 10 percent for auto-renewing subscriptions there; devs will need to integrate a Google API to track those, and report all transactions within 24 hours.

The company will cap some of these fees at 10 percent of a developer’s first $1 million of earnings, making it a bit easier for small developers, but perhaps no easier than it is currently. Google already offers a similar cap at 15 percent, so this too is a 5 percent discount.

How will Judge James Donato react? When Apple told Judge Yvonne Gonzalez Rogers it would require a 27 percent fee for external payments in the parallel Epic v. Apple case, she found Apple in contempt of court, and an appeals court backed up that decision just days ago. However, the appeals court did suggest that Apple may be able to collect some fee, writing that:

Apple should be able to charge a commission on linked-out purchases based on the costs that are genuinely and reasonably necessary for its coordination of external links for linked-out purchases, but no more.

Google currently claims that “the fees associated with the external content links program reflect the value provided by Android and Play and support our continued investments across Android and Play.”

But Google also says it won’t collect any fees quite yet, writing:

In the future, Google intends to apply a service fee on successful transactions and downloads completed via external content links. At this time, however, Google is not assessing these fees and is therefore not requiring developers in this program to report these transactions or downloads to Google.

In their joint progress report today, Epic and Google’s lawyers write that while Epic agrees with the January 28th deadline and other requirements, “Epic has indicated that it opposes the service fees that Google announced it may implement in the future and that Epic will challenge these fees if they come into effect.”

Of course, none of this will come to pass if Judge Donato accepts Google and Epic’s proposed settlement instead, which would generally apply worldwide (instead of just in the US) and comes with lower standard transaction fees.

But Google signaled that settlement, too, would come with fees on alternative billing and external app downloads, and Judge Donato seemed skeptical of the settlement in November. He’s ordered an evidentiary hearing on January 22nd before he makes a decision.

Since Google’s support pages seem to be fluid as Epic v. Google continues, we’ve archived copies of their current text below.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Sean Hollister

Technology

Holiday deliveries and fake tracking texts: How scammers track you

Published

2 hours ago

December 19, 2025

Press Room

Holiday deliveries and fake tracking texts: How scammers track you

NEWYou can now listen to Fox News articles!

As we head into the last stretch of December (and last-minute gift shopping), your doorstep is probably busier than ever. And if you’re anything like me, you’re probably also juggling shipping updates, tracking numbers, and “out for delivery” alerts from half a dozen retailers.

Unfortunately, scammers know this too, and they’ve likely been preparing for it all year. Like clockwork, I’ve already started seeing the usual wave of fake tracking texts hitting people’s phones. They look legit, they show up right when you’re expecting a package, and they rely on one inescapable truth: during the holiday rush, most of us are too overwhelmed to notice when something feels off.

No need to panic, though. You can still come out ahead of the scammers. I’ll show you what to look out for and how you can prevent being targeted in the first place.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

THE FAKE REFUND SCAM: WHY SCAMMERS LOVE HOLIDAY SHOPPERS

Holiday shoppers are being hit with a surge of fake delivery texts designed to steal personal information and account logins. (Photo by Sebastian Kahnert/picture alliance via Getty Images)

What fake delivery text messages look like

Most of these fake shipping texts include a “tracking link” that looks close enough to the real thing that you might tap without thinking twice about it. In some cases, like one Maryland woman found out, you may even receive fake deliveries with a QR code that works in a similar way.

These links usually lead to a spoofed tracking page that looks almost identical to the real thing. It’ll ask you to “confirm” your login or enter your delivery details. The moment you type anything in, scammers capture it and use it to access your real accounts.

Even worse, the “tracking link” may contain malware or spyware, triggering silent installs that can steal passwords, monitor keystrokes, or give scammers remote access to your device.

Red flags that reveal fake shipping and tracking messages

So how can you distinguish between a legitimate message for a delivery you’re actually waiting for and one of these scams? Here are the red flags I look for:

Weird or slightly altered URLs. Scammers use domains that look almost right. Except there’s usually one extra letter, a swapped character, or a completely unfamiliar extension.
Requests for additional payment. Real carriers don’t ask you to pay a “small fee” to release a package. That’s an instant giveaway.
A package you’re not expecting. If the text is vague or you can’t match it to a recent order, pause before you tap anything.
Delivery attempts at odd hours. “Missed delivery at 6:12 AM” or “late-night attempt” messages are usually fake. Carriers don’t normally operate like that.
Updates that don’t match what you see in the retailer’s app or email. If Amazon says your package is arriving tomorrow, but a random text says it’s delayed or stuck, trust Amazon, not the text.
Language that is designed to rush you. Anything screaming “immediate action required!” is designed to make you stop thinking and start tapping.

If a text triggers any one of these, I delete it on the spot. When in doubt, always check directly with the delivery service provider first before opening any links.

WHY YOUR HOLIDAY SHOPPING DATA NEEDS A CLEANUP NOW

Scammers are sending deceptive tracking links that mimic real carriers, hoping rushed shoppers won’t notice red flags. (Silas Stein/picture alliance via Getty Images)

How scammers know your address, phone number, and shopping habits

Scammers don’t magically know where you live or what you’ve ordered — they buy that information. There’s actually an entire industry of data brokers built on collecting and selling personal data. This can include your:

Phone number
Home address
Email
Purchase history
Browsing patterns
Retailers accounts and apps
Loyalty programs
Even preferred delivery times.

These data brokers can sell profiles containing hundreds of data points on you. And they aren’t always discerning about who they sell to. In fact, some of them have been caught intentionally selling data to scammers.

Once scammers have those details, creating a convincing delivery scam is no problem.

But scammers can’t target what they can’t find

I’ve been very vocal about the importance of keeping personal information under lock and key. And this is just one of the reasons why.

Criminals rely on your personal information to target you with these types of scams. They also need at least a phone number or email address to reach you in the first place.

So your best bet to avoid delivery scams (and, honestly, most other scams year-round) is removing your info from data brokers and people search sites. Doing this will keep your details out of circulation online and out of the wrong hands.

FBI WARNS EMAIL USERS AS HOLIDAY SCAMS SURGE

Fraudsters use spoofed shipping pages and malware to capture passwords and gain access to victims’ devices. (Martin Ollman/Getty Images)

How to remove your personal information from scammers’ reach

You can start by looking yourself up online. Searching for different combinations of your name, address, email, and phone number should bring up a bunch of people search sites. Just visit the “opt-out” page on each site to request removal of your data.

Private-database data brokers are a bit trickier. They sell data in bulk, usually to marketers and other third parties. So you won’t be able to check if they have your information. But if you look into which data brokers operate in your area, you can just send opt-out requests to them all. There’s a good chance they’ll have your information.

You can also turn to a data removal service. They completely remove the headache from this process and just automatically keep your personal info off data broker sites. If, like me, you don’t have the time to keep manually checking data broker sites and sending removal requests every few months (because your data will keep reappearing), a personal data removal service is the way to go.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Kurt’s key takeaways

Holiday delivery scams work because they blend perfectly into the chaos of December shopping. A well-timed text and a familiar tracking link are often all it takes to lower your guard. By slowing down, checking messages directly with retailers, and reducing how much of your personal data is circulating online, you can take away the advantage scammers rely on. A little caution now can save you a major headache later.

Have you received a suspicious delivery text or tracking message this holiday season? If so, tell us what it looked like and how you handled it by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Technology

Brendan Carr is a dummy

Published

13 hours ago

December 19, 2025

Press Room

All year on The Vergecast, we’ve been tracking the many bizarre and problematic actions of FCC Chairman Brendan Carr. There has been a lot to discuss! Then, this week, ahead of one of our last episodes of the year, Carr appeared in front of the Senate Commerce Committee and spent three hours explaining how he thinks about his job, the FCC, and the state of online communication and entertainment. It was a lot.

On this episode of The Vergecast, we begin with a dissection of Carr’s testimony, his threats against broadcasters, and the ways in which he’s using old ideas about content delivery to get his political way. Nilay and David walk through some of Carr’s most important quotes, explain the history of broadband regulation, and look ahead to how Carr might bring these same tactics to internet regulation next year.

Also, an important housekeeping note: The Vergecast will be live at CES! We’ll be at the Brooklyn Bowl in Las Vegas, at 3:30PM on Wednesday, January 7th. There will be podcasting, and hanging out, and bowling. It’s going to be great, and if you’re going to be in Vegas we’d love to see you there.

Until then, if you want to know more about everything we discuss in this episode, here are some links to get you started, first on Brendan Carr:

And in the streaming wars:

And in the lightning round: