It was recently uncovered that popular music recognition software Shazam was keeping the microphone active on Apple Mac computers, even after users closed the application. Shazam dismissed concerns about the feature encroaching on user privacy, but has now has confirmed that it plans to update the app to end the always-on Mac microphone feature.
According to security researcher and former NSA hacker Patrick Wardle, the person who discovered the active mic issue, Shazam's feature was not intended to be malicious.
Wardle's analysis of the feature revealed that although "Shazam is always recording even when the user has toggled it 'OFF' I saw no indication that this recorded data is ever processed (nor saved, exfiltrated, etc). However, I still don't like an app that appears to be constantly pulling audio off my computers internal mic."
Wardle told Motherboard, "When I turn something off, 'off' should be 'off'. It's nice of them to stop processing that data, but yeah, they are still recording all the time."
Shazam's chief product officer Fabio Santini told CNet that the firm had activated the feature only on Mac. He also dismissed the feature's ability to allow malicious entities to access user data. He claimed that even if a hacker could access the data, the feature would not allow him/her to listen-in on personal conversations.
"There is no privacy issue since the audio is not processed unless the user actively turns the app 'ON.'" James Pearson, the VP of global communications for Shazam, told Motherboard. "If the mic wasn't left on, it would take the app longer to both initialize the mic and then start buffering audio, and this is more likely to result in a poor user experience where users 'miss out' on a song they were trying to identify."
Pearson also said that Shazam did not store or send audio files. Instead the app samples a few points in the audio wave to create a "digital fingerprint". Santini added, "Those points can't be reverse-engineered to reconstruct original audio."
However, the revelation has led Shazam to reconsider the necessity of the feature. The firm has since said that it intends to change the way its Mac app will function in the future.
"We want to be sensitive to what our users think and feel," says Santini. "Even though we don't recognize a meaningful risk, we want to make this configuration change to show that we care, and we pay attention, and we want them to feel good about using Shazam on their Mac."
Santini said that the company will update its Mac app in the coming days.
After the publication of this article, Shazam global communications VP James Pearson said in an emailed statement, "Shazam doesn't record anything. Shazam accesses the microphone for the exclusive purpose of obtaining a small fingerprint of a subset of the soundwaves, which are then used exclusively to find a match in our database and then deleted."