Why Does Binanceâ€™s Android App Need to Use Your Microphone?
Users accuse Binanceâ€™s Android app of being spyware for the Chinese government.
Twitter users have raised concerns about the possibility of Binanceâ€™s Android app containing spyware. This speculation comes after recent revelations suggest that the social video platform, TikTok, contains spyware created by the Chinese government.
According to the Twitter user @ShitcoinSherpa, who posted a certificate issuerâ€™s screenshot, the permissions asked by Binance in its Android app include access to the camera and the ability to record audio. Notedly the app does not appear to have any public features that use these functions:
The delicious irony of shitting on TikTok for being Chinese spyware, but still using the Binance app ðŸ™„ pic.twitter.com/rn9RGW2z88
â€” Sherpa (Visit CoinHQ.tv) (@ShitcoinSherpa) July 8, 2020
Speaking with Cointelegraph, Binanceâ€™s Chief Security Officer addressed to the concerns and clarified some inputs:
â€œThe camera is used during the KYC process. The code developed in house within the Binance app definitely does not use the microphone. We have a third-party SDK that requests this permission. It is used during the KYC process. The third-party vendor is Megvii. It is used during KYC for ID scanning. We are trying to determine if we can get rid of this permission. However, it could be that Megvii uses the background noise to determine fraud. We will let you know when we hear back from Megvii to confirm on the point above.â€�
@ShitcoinSherpa additionally clarified:
â€œI’m not necessarily saying that it *is* spyware, but rather that the permissions it asks for are not necessary to run an exchange app. It has camera & audio permissions, which shouldn’t be necessary for trading. Previous versions, however, have flagged for malware. Whether false-positives or not (as with ESET), those versions still had unnecessary levels of access, and are still flagged. (…) It essentially has the same access to user data as TikTok, and has the same concerns re: China, in my opinion.â€�
Permission requests common in mobile apps
Speaking with Cointelegraph on the condition of anonymity, a source who works for a malware lab said:
â€œItâ€™s not uncommon for apps to ask for more permissions than necessary. Itâ€™s not necessarily a sign that theyâ€™re up to anything nefarious and users donâ€™t have to grant those permissions.â€�
The expert adds that Android 11â€™s recent updates may have led the company to â€œtighten upâ€� the measures used to combat malicious mobile apps.
In 2017, a Reddit user asked if Binanceâ€™s PC or Android software contain â€œspywareâ€�. At the time, a Binance rep refuted the userâ€™s suggestion:
â€œOf course it isn’t spyware. Due to the network connections it must make to provide accurate data (required for an exchange platform), it can be misinterpreted by some anti-virus software. It’s simply a false-positive. However, you are free to make your own decisions.â€�
Powered by WPeMatico