Summary
- There’s no sign that corporations are eavesdropping via our phones. That would actually be pretty easy to catch, given the massive power and data consumption requirements.
- In reality, what you’re probably seeing is the result of platforms, advertisers, identity providers, and data brokers all unifying to serve you the right ads at the right time.
- If you’re uncomfortable with this, you’ll need to restrict cookies and app permissions, and repeatedly scrub the internet of your fingerprints.
It’s probably happened to you at least once — you’re talking with someone about a particular topic, then shortly after, you see an ad related to that topic pop up in an app or website. It feels like someone is listening in, snatching keywords to serve you ads. Some people are genuinely convinced that companies like Apple, Google, or Meta are keeping our phone mics running constantly, looking to target advertising even more intrusively than they already are. Technically speaking, it’s not impossible either — some governments use zero-click Pegasus spyware to crack down on political dissent.
Are corporations actually listening in via your iPhone or Android device, though? The short answer is that there’s no sign of this. Instead, what you’re probably witnessing is the gears of the online ad industry at their most efficient.
How do I know my phone isn’t listening in?
Skepticism is in order
As I said, it’s technically feasible, so I can’t completely rule out the idea. But there are a few reasons to believe corporations aren’t listening in, beginning with research studies. Outside of spyware, no evidence of systematic eavesdropping has turned up so far. Some individual apps have occasionally been caught sharing images and video data without user consent — most notably in a 2018 Northeastern University study of 17,260 Android apps from Google Play, Anzhi, AppChina, and Mi.com — but that’s quite different from apps being allowed to record audio 24/7 with impunity. Officially, that would be a severe violation of Apple and Google’s app store privacy policies.
Speaking of rules, unauthorized recording would also violate the US federal Wiretap Act, not to mention various state-level laws requiring recording consent from both parties. It wouldn’t make sense for a company to risk both criminal charges and civil lawsuits for the sake of better advertising, especially since it isn’t guaranteed to result in more sales. I’m bombarded with ads every day, but any clicking on them is accidental, and I’ve never once bought something because of an ad’s direct influence.
The closest thing to a legitimate eavesdropping concern is the anonymous sampling companies have done for their voice assistants. Apple, for instance, used to automatically collect recordings of some Siri interactions for analysis by contractors. The company was upfront about this in its legal warnings, but it was pressured into an opt-in approach after a 2019 scandal exposed that some of the recordings included personal moments caught by accident — like sexual encounters. It took until 2025 for Apple to settle a related legal action, but it still insists that none of this data was used for advertising.
Similar voice analysis has been done for Amazon Alexa and Google Assistant, and Meta has previously paid contractors to transcribe portions of opt-in voice chats. All of these cases raise general privacy concerns, however, rather than anything related to advertising. The companies are trying to refine their voice technology, making products like iPhones and Echo speakers respond the way they’re supposed to.
Non-stop recording would be easy to catch on phones for at least one reason: battery life. While microphones don’t consume much power, constant cellular or Wi-Fi activity does. The drain would be pretty evident to users, and a source of many, many complaints.
It would also be tough to explain away the extra bandwidth consumption. Someone would notice if this was a widespread phenomenon, whether it’s users, carriers, researchers, or internet providers. The sheer amount of data would be overwhelming. Consider that 24 hours of 128kbps audio consumes about 1.32GB — for just a million people, that would translate into 1.26PB (petabytes) of traffic, and in reality there are billions of smartphones in circulation. You could temper bandwidth consumption by lowering bitrates, or only recording a sliver of the population, but companies would still need massive (additional) datacenters to store and analyze what they were collecting.
So what’s actually going on?
The realities of online ad tracking
The unsettling truth is that advertisers and their partners don’t need to listen in. When you load an app like TikTok or Instagram, it’s analyzing the minute details of how you use it, such as what you’re searching for and what posts you linger on. Combined with details like your device model and general location (e.g. Austin, Ottawa, etc.), this gives platform holders plenty of info for directing ads at the people most likely to respond to them. Websites commonly use cookies to track your interactions if you don’t explicitly block them.
As if that weren’t enough, identity providers can cross-reference dissociated details — such as phone numbers, email addresses, and device activity — to link them to individual people without actually naming anyone. This info is used by advertisers to gauge the performance of their campaigns. Data brokers, meanwhile, are constantly working to scrape and sell user data to marketers and advertisers.
The result is that ads can become hyper-personalized. One obvious example is that if you (or someone at your IP address) have been searching for wedding-related topics, like caterers and dresses, it shouldn’t be surprising to see ads pop up for things like engagement rings and honeymoon vacations. Recently, I’ve been noticing more Facebook ads for Japanese-style harem pants, presumably because I lingered on a few previous ones while I was scrolling. What can I say, they look comfortable.
This personalization is so specific that ads can be set to trigger when you’re most likely to respond, or at least, when the data suggests you will. Occasionally, this results in a perfect storm, with ads that know all too much about you showing up at times when you’re actively thinking about their subject matter. If you happen to be talking to someone, boom — it’s no wonder it feels like someone is snooping on you.
How can I protect myself?
Some simple steps to take
If you’re uncomfortable with strangers knowing this much about you, the best you can do, usually, is to restrict how much information is flowing out in the first place. Remove apps and services you’re no longer using, and if you sign up for a new platform, share the minimum of data needed to make things work. Not every app needs a list of contacts or links to your social networks. Don’t get tricked into signing up for irrelevant newsletters either, since you’re sharing not just your email address but how you respond to each email.
On the web, limit cookies to ones that are strictly necessary for sites to function. You can go a step further with tracker-blocking plug-ins like the Electronic Frontier Foundation’s Privacy Badger. As for apps, it’s important to control their location, camera, and/or microphone access, or revoke permissions entirely if you don’t need them. Often, location permissions can be limited to when an app is open, unless it’s something like a navigation or fitness product. Android users can change permissions by going to Settings > Apps > [app name] > Permissions. iPhone users need to go to Settings > Privacy & Security, then select a permission category.
If you want to go after data that’s already out there, things become trickier. Services like Optery and Incogni can help you opt out of data brokers, and Google lets you scrub your activity — but because it’s difficult to go online without leaving a trace, this isn’t a one-and-done proposition. Ultimately, you’ll have to amend your privacy practices and hope for the best.