While the app is running, the app sends a HTTP (edit: HTTPS) request every time the track information changes or the volume changes.
When the track information changes it sends the artist, album and song name. When you change the volume it sends the new volume level.
Every request includes standard meta-data such as
* An _anonymous-id_
* Device serial number
* Information about whether wifi or cellular are connected and carrier name
* Device name, model and manufacturer
If there is interest I will write a blog post about potential ways to stop the data collection without removing the app :)
1. What's the estimated bandwidth impact of this data collection? Many users have very limited data use, and chatty messages on play/pause/volume change wouldn't be appreciated.
2. HTTP or HTTPS?
3. How does it work with other apps (like Google Music) that might provide more music details? Like does it send more information when the id3 tags have all the fields filled in? Things like comments, encoding, etc might also be transmitted. Streaming services like Spotify probably try to trim that as much as possible, but local files could have a lot more data.
4. Can you see anything about the anonymous id that might make it not that anonymous? I mean, the device serial number alone kind of defeats an anonymous id. But there's been a fair amount of work in reidentification of anonymous data, and many developers take shortcuts when generating their "anonymous" data. (https://arstechnica.com/tech-policy/2009/09/your-secrets-liv...).
5. It's sending this data in the background, correct?
6. What does it send (if anything) during calls, emails, texts, map navigation, and voice commands?
2. Everything is secured with HTTPS! All the analytics messages, messages to boses servers and firmware checks are all over HTTPS (The firmware file its self is downloaded over HTTP, but the URL is provided over HTTPS and the firmware may well be signed)
3. A good question that needs further investigation :)
4. The anonymous id doesn't have any glaring information at least not immediately from the analytics platforms documentation https://segment.com/docs/spec/identify/ however yes the other meta-data defeat the purpose of an anonymous id.
5. It is definitely sending the data while the app is in focus, and i believe while the app is open but not in focus. I am not 100% sure here as it was a very quick test.
6. Again something else to investigate :)
On another note, I wonder if any other wireless audio manufacturers are doing similar things.
As a side note. I can imagine why they'd want this information. Seeing what people are listening to and what volume settings are commonly being used would potentially help them tune future products better for their "average user"
Just curious if it was difficult to do. If more people knew how to, maybe this sort of activity wouldn't sneakily happen as often.
Provided you own and have physical access to your phone, you can use any number of proprietary/open free/costly tools to do so. (E.g Fiddler http://www.telerik.com/fiddler, Burp https://portswigger.net/burp/ and mitmproxy https://mitmproxy.org/)
In this case I used fiddler, all I had to do generate a custom root certificate (Be warned this is not a good idea in general, look up super fish if you want an example of why installing custom root certificates can be bad), install that certificate on my device and then proxy my device through the computer running fiddler.
This process is far better documented here http://docs.telerik.com/fiddler/Configure-Fiddler/Tasks/Conf... if you need any more help or advice let me know
I have used the approach of installing wire shark on a pc operating as an access point, and it was easy enough to set up assuming you have the requisite equipment.