SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Researcher Discovers That Shazam App Is Always On

Posted on November 21, 2016

Since its arrival in 2002, Shazam has become a popular tool among music fans for identifying songs playing on the radio, in restaurants, in movies or TV shows, and in other similar situations. However, according to recent research conducted by a former NSA staffer, the Mac version of Shazam might be invading your privacy.

Shazam essentially works by listening to and analyzing sound. If you have the app on your phone, you would pull it up and let the app “listen” to whatever song is playing in order to identify it. However, Patrick Wardle, the leader of research firm Synack, says that the Mac version of the Shazam app never really turns off. It’s “always listening,” he says.

Wardle recently developed a tool called OverSight, which Mac users can implement to monitor their webcams and microphones. If an application accesses either without the user’s permission, OverSight lets the user know that they are still being recorded. The program also makes it easy for users to allow or block application requests to access the microphone or webcam.

According to Wardle, Shazam never stops accessing your Mac’s microphone—at least as long as the app is running. You can toggle the app “OFF,” but that action only tells Shazam to stop saving or processing audio data. In other words, the app is always receiving audio data—it just isn’t always doing anything with it.

Wardle discovered the Shazam privacy issues after reverse engineering the audio processing software. (You can read more about Wardle’s process in his blog post on the subject.) He noted that, even though Shazam is not using the audio data collected while the app is switched off, he still isn’t comfortable with the program “constantly pulling audio off my computer’s internal mic.”

Shazam representatives ultimately responded to Wardle’s discoveries in an article published by The Register. They said that the issue is “benign” and poses no major security risks, since Shazam doesn’t actually record audio, but only processes it. Shazam reps also said that leaving the microphone on is important for giving users a fast, responsive, and high-quality experience. However, Shazam also said that a forthcoming update would resolve the issue.

Wardle’s concern isn’t that Shazam itself is listening to users’ conversations or infringing upon their privacy. Rather, the former NSA staffer is worried that a hacker or a piece of Malware could piggyback onto the Shazam Mac app and use it to listen to users without being detected.

Join our mailing list for the latest security news and deals