The Federal Trade Commission has twice taken enforcement action against companies that processed sensitive user data in the background without adequate consent, and the resulting case records offer the clearest public evidence that some apps collect far more than their users expect. In the matter of 1010 Digital Works LLC, the FTC alleged the company sold a marketing product using representations about conversations captured from consumers’ smart-device microphones for ad targeting, calling its consent claims deceptive. A separate consent order against Everalbum, Inc., dated January 11, 2021, addressed background facial-recognition processing that ran contrary to user expectations. Together, these cases frame a concrete question for anyone with a smartphone: which apps are still accessing sensors after the screen goes dark, and what can users actually do about it?
Why background recording allegations triggered federal action
The 1010 Digital Works LLC case, filed as FTC matter 242-3033, centers on a specific allegation: that the company marketed a product as though it could listen through consumers’ smart-device microphones and use those captured conversations to serve targeted ads. The FTC did not merely flag the practice as intrusive. It alleged the consent claims themselves were deceptive, meaning users who believed they had agreed to limited data use were, according to the agency, misled about what the product actually did.
That distinction matters because it shifts the problem from a technical vulnerability to a trust failure. An app that records audio in the background is one kind of risk. An app whose permission prompts actively mislead users about the scope of recording is a different, harder problem to detect from the outside. The FTC’s allegations suggest that even users who read consent screens could not have understood the full extent of microphone access or how their conversations might be repurposed for advertising.
The Everalbum consent order tells a parallel story through a different sensor. Everalbum operated a photo storage app called Ever. The FTC documented that the company enabled facial-recognition processing contrary to what users had been told, and the resulting order required deletion of both improperly collected biometric data and certain algorithmic outputs derived from that data. Both cases show the same pattern: a consumer-facing app quietly running sensitive processing, whether audio or biometric, that exceeded the boundaries users believed they had set.
A reasonable hypothesis is that apps whose privacy labels or consent flows were updated after an FTC consent order would show measurably lower rates of background sensor access in independent app-store audits conducted six months later. No publicly available audit data confirms or refutes that prediction at this time. The absence of such audits is itself telling. Without systematic, independent checks on background sensor behavior, users remain dependent on self-reported privacy labels and on enforcement actions that arrive well after the fact.
What FTC case records reveal about microphone and camera access
The strongest public evidence about background recording comes directly from FTC enforcement documents rather than from third-party app reviews or security researchers. In the 1010 Digital Works matter, the agency’s allegations describe a product that was represented as capable of capturing conversations from smart-device microphones and using that data for advertising purposes. The FTC treated those representations as material to consumers’ decisions about whether to install or continue using the associated software, underscoring that the promise-or denial-of background listening can influence user behavior.
The Everalbum case adds a second dimension. While it did not involve microphone access, it established that background biometric processing, specifically facial recognition applied to stored photos, can violate user consent when the scope of that processing is not clearly disclosed. The mandated deletion of derived data in the Everalbum order set a precedent: regulators can force companies to destroy not just the raw data they collected improperly but also the models and outputs built from it. For users, that means hidden analytics built on undisclosed sensor access are not necessarily permanent.
Both cases also point users toward federal reporting tools. The FTC’s Take It Down service provides a channel for reporting unwanted intimate images and related privacy violations, including those involving minors. While it does not directly target microphone or camera misuse by commercial apps, it illustrates the agency’s growing focus on nonconsensual image circulation. The agency’s Do Not Call registry at donotcall.gov, by contrast, handles a separate category of unwanted contact: telemarketing calls and certain text messages. These tools exist because enforcement alone cannot keep pace with the volume of apps requesting sensor permissions.
Users who suspect an app is accessing their microphone or camera without clear justification can file complaints through the FTC’s general consumer reporting channels. However, the agency has not published aggregate complaint volumes tied specifically to microphone-enabled apps, and the public case docket contains only a small sample of enforcement actions. The gap between what regulators have documented and what users experience daily is wide. The two FTC cases name specific companies and specific practices. They do not provide a comprehensive list of every app engaged in background recording.
No federal database currently tracks which consumer apps access microphones or cameras after initial setup, and app-store privacy labels rely on developer self-reporting. That self-reporting is only as reliable as the enforcement behind it. In practice, most users learn about problematic background access only after a news story, a regulatory action, or an obvious device symptom such as unexpected battery drain.
Unresolved questions about which apps still listen
Several questions remain open. The FTC cases against 1010 Digital Works and Everalbum establish that regulators can act when background data collection exceeds consent, but neither case provides forensic device logs showing real-time microphone activation by specific consumer apps beyond the two companies named. Independent researchers have tested individual apps for microphone access over the years, yet no single, regularly updated public audit covers the full range of popular apps on major mobile platforms.
Developers involved in these consent orders have not, in the case records, released detailed public statements explaining how their apps changed after enforcement. Without such disclosures, users cannot verify whether the practices described in the complaints have been fully remediated or merely reworked into less obvious forms. The consent orders themselves typically require changes to data handling and documentation, but they do not automatically translate into clear, user-facing explanations inside the apps.
The technical landscape adds more uncertainty. Modern mobile operating systems display indicators when microphones or cameras are active and offer granular permission settings, but these controls remain difficult for many users to interpret. An app that legitimately uses the microphone for voice messages can still request broad, ongoing access, and few users have the time or expertise to test whether that access is limited to obvious features or extends into less visible profiling.
That leaves a practical dilemma. Consumers cannot easily determine which apps, beyond the companies already cited in FTC matters, might be engaging in similar background recording or biometric analysis. At the same time, regulators and advocates lack comprehensive telemetry about how sensor permissions are used across the app ecosystem. The result is a patchwork of anecdotal reports, occasional enforcement actions, and privacy policies that often read more like liability shields than meaningful disclosures.
What users can realistically do now
In the absence of a definitive public registry of safe and unsafe apps, users are left to manage risk rather than eliminate it. That begins with minimizing sensor permissions: granting microphone and camera access only when an app clearly needs it, reviewing permission settings periodically, and revoking access for apps that no longer justify it. Users can also watch for operating-system indicators that show when sensors are active, especially in moments when no obvious feature is in use.
When something feels off-such as an app requesting microphone access for a function that appears unrelated to audio-users can document the behavior and consider filing a complaint with the FTC. While individual reports may not trigger immediate action, they contribute to the broader pattern recognition that informs future enforcement. For those facing more acute harms, such as the circulation of intimate images without consent, specialized tools like the Take It Down portal offer a more direct path to relief.
None of these steps fully answer the core question of which apps still listen in the background. They do, however, reflect the reality described in the FTC’s own case records: that undisclosed sensor access is both technically feasible and, in some instances, already the subject of federal enforcement. Until independent audits and stronger transparency requirements catch up, users will have to navigate that uncertainty with a mix of caution, selective trust, and a willingness to report suspicious behavior when they see it.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
