
Sex toy company Lovense admits its Android app locally stored audio recordings - danso
https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-surveillance
======
justboxing
Normally I'd call BS on a Company calling unauthorized collection of data a
'minor' bug, but in this particular case, it seems likely that this is the
case.

I say this because -- according to the company's official response[1] -- the
recordings were only created on the Android version and not the iOS version of
their app.

They also state that the recording is only cached locally on the phone and not
uploaded to their servers.

Leads me to think that it's very likely their Android app programmer(s) wrote
some test code to save the file, and forgot to delete it or conditionally hide
it in their release version of the App. There's no excuse for the sloppy
programmer(s) if this was the case, I'm just saying the 'bug' angle is a
possibility, because the Company has also been very quick to fix it and
release an updated version for the Android app.

One more thing, I wouldn't call something like this a 'minor' bug. Likely
their PR team threw that word in.

> Source: Lovense's official account on Reddit:
> [https://www.reddit.com/r/sex/comments/7bmi3i/psa_lovense_rem...](https://www.reddit.com/r/sex/comments/7bmi3i/psa_lovense_remote_control_vibrator_app_recording/dpm4050/)

~~~
GuB-42
Hanlon's Razor: Never attribute to malice that which is adequately explained
by stupidity.

I think it totally applies here.

Not removing temporary files is a very common bug. As a developer, I've
encountered it several times, sometimes I caused it, sometimes I fixed it, and
I've seen it happen in other people's software just as often. This is one of the
reasons I hate temporary files, they just don't want to be temporary.

~~~
whatshisface
The Godfather's Switchblade:

Make it look like an accident.

Ultimately I don't think we can judge intent in situations like these,
especially because it's so easy to disguise[0]. A sentence can be constructed
in favor of any opinion; so I'll spare you my attempt at an alternate reading
of the situation that makes them sound guilty so long as you agree that it's
possible to do.

I think a few questions can be raised about whether we can trust a company's
claim that a problem stops exactly at the limits of what's been made publicly
visible. How do we really know that select installations weren't phoning home
with their captures?

This is a great moment to plug the idea that we really should be able to see
the source code of the software we're running.

[0] [http://www.underhanded-c.org/](http://www.underhanded-c.org/)

~~~
banku_brougham
This is very good. The parent comment is very reasonable, but your switchblade
admits the possibility of something very concerning which is not easily
dismissed.

They did post a bug fix though.

~~~
metaobject
Well, why wouldn't they post a bug fix? I don't see how that says anything
about motive/cause. They'd do that even if it _was_ intentional.

------
mattbierner
One nice thing about their hardware though is that it is very easy to write
custom software to control it. Almost concerningly easy actually. See the
Metafetish project for one example of this:
[https://github.com/metafetish](https://github.com/metafetish)

~~~
_jal
This is my new favorite Github project, but I only read it for the app names.

------
echan00
The issue was probably blown more out of proportion by the writers who are
encouraged to come up with click-bait headlines.

------
olympus
Oh wow. While recording audio is concerning, I am so glad to be living in the
timeline where I can control my sex toy with my smartphone. The next thing
they need is an Alexa skill (which someone might already have).

------
tryingagainbro
Feature or a bug, the company deserves no mercy, you should triple check those
things--after you quadruple check them.

BUT, personally I assume that anything I do with a smartphone gets uploaded to
the cloud via a permission I mistakenly gave, bug, or they can get hacked. In
other words, certain kinds of pictures, movies or acts don't (IMO) mix with a
smartphone.

------
porfirium
Incendiary title, even if correct. There is no proof whatsoever the recordings
were uploaded anywhere.

~~~
untog
...where does the title say they were uploaded? It says they were recorded.
The company admits they were recorded.

~~~
Dylan16807
It says _they_ recorded it, which strongly implies they had the data and their
servers did the recording.

------
typetehcodez
That's a real humdinger!

------
659087
Just like it was "accidental" when Google's street view cars were capturing
wifi data.

~~~
johannes1234321
Yes, likely. It's plausible that Google captured Wifi signals in order to get
to the SSID etc. to build a location database and they forgot to cut off the
data part, possibly assuming it was encrypted anyways. Considering that they
announced the mistake themselves and the short time the car was in receiving
distance makes this a quite believable thing.

Similar here: The developers logged information onto the device itself in one
version of the software and didn't hesitate to push a new release.

From an engineering perspective relatively small bugs. Impact a bit larger.

~~~
659087
> and they forgot to cut off the data part, possibly assuming it was encrypted
> anyways

At the point in time when Google pulled that stunt, unprotected networks were
still incredibly common. A company like Google playing dumb on that, or
actually not knowing that, would be pretty sad.

~~~
johannes1234321
Let's assume they did that on purpose: What's the purpose they get? Some
random fragments of communication? They already have more relevant info via
Google analytics and such about anybody, than what they gather while driving
by ...

------
DonHopkins
They only call it a 'minor bug' because nobody's discovered the 'major bug'
yet. Gotta leave yourself some wiggle room (so to speak).

------
squarefoot
I believe we should push Google, Apple etc. into taxing permissions usage, say
2% for every permission if you use it and 5% if you require it but don't use
it, so that if common sense doesn't work at least greed will encourage
programmers to require access only to what is really necessary.

~~~
bdcravens
How would you tax free apps?

~~~
sidlls
Do not permit them. Free apps are just a way to reinforce the user-is-the-
product problem that exists today.

Note: I don't agree with a "permissions tax."

~~~
fleitz
You may also want to purchase your phone from a company that isn't the world's
largest advertising company.

It's kinda funny that everyone is upset about a temp file when the device
itself sends their entire porn history to Google every day of the week.

Basically, if you don't want to be spied on, stop using Google products.

