How Secure Is Google’s ‘Ok Google’ Listening Feature?
by
—
· in Computing
The ‘Ok Google’ feature is a voice activation phrase for Google’s voice-based services and the google assistant. Once a user utters the phrase, the device activates the voice search or any other services that use voice control and send whatever voice data that is recorded. How safe is that? Is it a secure practice to unlock your phone with your voice? Does Google listen to any audio that is said before the ‘Ok Google’ part?
How ‘Ok Google’ works?
In order for Google to detect when the user utters the phrase ‘Ok Google,’ there needs to be a constant or a periodic state of recording and processing to be done to validate it. This process is usually done by an ‘always on’ software or hardware technology.
Some mobile processors have an active tiny core allocated to an ‘always on’ state that consumes very less power. For the models that lack this hardware support, the ‘passive listening’ is done when the device is awake (i.e. when you unlock it or use it).
So yeah! Whatever you speak, with your device next to you, is recorded all the time. But as Google claims, the data is not sent to their servers every time you speak. One way to verify this is to check your data when the device is passively listening. And it would make sense of course, as it wouldn’t be efficient for Google to process all the voice data, not to mention that it is illegal for the company to do so.
But after the user utters ‘Ok Google’ or something that’s similar to it, whatever is recorded after that phrase is sent to the Google servers for further processing. This is how the ‘Ok Google’ feature works. But here comes the privacy and safety concerns.
‘Ok Google’ is not so okay with user privacy
Problem 1 – Anything close to the phrase ‘Ok Google’ can initiate an active recording
A major flaw in this feature is that, the voice recognition itself is not perfect all the time. No matter how much they are trained, there are millions of people with different accents and unique timbre. If someone around you, or even you for that matter, utter a phrase something similar to ‘Ok Google’ — like one time my friend intentionally activated his Google voice search by saying ‘Ok Gokul’—it would start recording and sending whatever things you speak after that.
Problem 2 – All the ‘Ok Google’ recordings might be retained by Google (apart from your history)
Even your ‘Ok Google’ searches are recorded in your account history. If this is a shocker, you can even listen to it here. When you play a few of those recordings, you might notice that some of the recordings have spoken words even before you have said the activation phrase. This is not acceptable for anyone!
‘Ok Google’ is not secure
Google has this feature ‘Unlock with Voice Match’ which can be set so that you can unlock your phone by uttering the phrase ‘Ok Google’. Using your voice to activate your device is completely insecure. Forging your voice isn’t that hard.
Update: Google has removed this feature finally.
‘Ok Google’ may be a useful and an accessible feature, but it’s not recommended if you care about your privacy or digital security.
This post was first published on February 4, 2014.
This is the problem with closed source features. Google has the choice and resources to deploy an offline voice-processing app. But they are wary of risking their proprietary algorithm by letting it out in the open. If Google cannot trust the users, why should users trust them?
Any software company in the market for profit will want to protect their IP man. Google ain’t a charity house!
What other phrases sound like ‘Okay Google’?