The Federal Trade Commission sent warning letters to app developers in March 2016 after discovering that certain mobile applications contained software capable of monitoring a phone’s microphone to listen for audio signals embedded in television advertisements. The code, developed by a company called Silverpush, could activate a device’s mic without clear notice to the person using the app. That action by the FTC remains the most direct federal intervention against passive audio surveillance on consumer phones, and the questions it raised about microphone permissions have only grown sharper as smartphones sit alongside smart TVs, voice assistants, and connected speakers in millions of homes.
FTC’s Silverpush Letters and the Privacy Gap They Exposed
The core problem the FTC identified was straightforward: apps that had no obvious reason to use a microphone were quietly embedding third-party code that could turn it on. The Silverpush software worked by listening for ultrasonic audio signals, inaudible tones hidden inside TV commercials. When a phone picked up the signal, the app could log what a person was watching, when they were watching it, and potentially link that data to their device identity and browsing habits. In its public announcement about the letters, the agency stated that this practice raised serious privacy concerns, especially when the listening happened in the background without adequate disclosure.
The agency did not publicly name the specific apps or developers that received its letters. That gap matters. Without a public list, consumers had no direct way to check whether an app on their phone contained the Silverpush code. The FTC’s position was that developers needed to ensure their privacy disclosures accurately described the app’s data collection, including any audio monitoring. If an app’s description or permissions screen failed to mention microphone access for ad-tracking purposes, the developer risked violating federal rules against deceptive practices.
A reasonable question follows from that 2016 action: did the apps flagged by the FTC generate more user complaints afterward than similar apps that were never flagged? The FTC operates a central complaint portal where consumers can file reports about deceptive business practices. No publicly available data from that system breaks out complaint rates by individual app or by whether a developer received a Silverpush-related letter. The hypothesis that warned apps drew higher complaint volumes is plausible but unverifiable with current public records.
What Silverpush Revealed About Microphone Permissions
The Silverpush episode exposed a structural weakness in how mobile operating systems handled microphone access at the time. An app could request mic permission for one stated purpose, such as voice search or audio recording, and then use that same permission to run background listening through embedded third-party code. The user had granted access, technically, but the scope of that access extended far beyond what most people expected.
Both Apple and Google have since tightened their platform rules around background microphone use. iOS and Android now display visible indicators when the microphone is active, and both platforms restrict how long an app can access the mic while running in the background. Those changes address part of the problem, but they do not eliminate it. An app that has been granted microphone permission can still access audio data while it is actively open, and users who tap “Allow” during initial setup rarely revisit those settings.
For anyone concerned about which apps hold microphone access on their phone, the first practical step is checking the permissions menu. On iPhones, this is found under Settings, then Privacy and Security, then Microphone. On many Android devices, the path runs through Settings, then Apps, then Permissions, then Microphone. Both menus show every app that has requested and received mic access. Revoking permission is a single tap, and most apps will continue to function normally for their primary purpose. If an app stops working entirely after losing microphone access, that itself is a signal about how central audio data collection is to its business model.
The FTC also maintains resources for people who believe their personal data has been misused. Through its identity theft help site, the agency provides step-by-step guidance for limiting exposure when sensitive information has been compromised. While identity theft and passive audio tracking are different problems, they share a root cause: data collected without meaningful consent being used in ways the person never anticipated.
Unanswered Questions About Audio Surveillance on Phones
Several significant gaps remain in the public record. The FTC’s 2016 letters were the last major federal enforcement action specifically targeting ultrasonic audio tracking in consumer apps. No follow-up enforcement, consent order, or fine has been publicly announced against any developer for Silverpush-related practices. Whether the warned developers removed the code, modified their disclosures, or simply stopped using Silverpush is not documented in any available federal filing.
Silverpush itself has not maintained a visible public profile in the years since the FTC action, at least in the context of U.S. regulatory disclosures. The company’s technology represented one specific method of passive audio surveillance, but the broader category of cross-device tracking through audio signals has continued to draw attention from privacy researchers. Academic papers and security audits have periodically identified similar ultrasonic tracking techniques in other software development kits, though none has triggered a federal response comparable to the 2016 letters.
The absence of named apps in the FTC’s public statements is the most obvious gap, but it is not the only one. Regulators have not published aggregate statistics on how often microphone permissions are misused, how many apps rely on ultrasonic beacons, or how frequently consumers complain about suspected “listening” by their phones. In practice, people encounter the issue through anecdotes: a conversation about a product followed by eerily relevant ads, or a battery usage report showing an app accessing the microphone far more often than expected. These experiences fuel suspicion but rarely translate into formal investigations.
There is also an unresolved policy question about how transparent mobile platforms should be about third-party code embedded in apps. When a person installs a weather app, they see the developer’s name and the requested permissions, but not the advertising or analytics software development kits that may sit underneath. The Silverpush case illustrated how that hidden layer can dramatically expand what an app actually does with device sensors. One possible reform would be requiring app stores to disclose major tracking libraries in a standardized way, but no such mandate has yet emerged at the federal level.
In the meantime, consumers are left to manage the risk with imperfect tools. Reviewing microphone permissions, uninstalling rarely used apps, and paying attention to battery and data usage patterns can all help surface suspicious behavior. Still, these are workarounds, not structural fixes. The core tension remains: modern phones are built to be always-on, always-listening devices for legitimate features like voice commands, yet the same capabilities can be repurposed for opaque tracking.
The FTC’s intervention in 2016 signaled that there are limits to how quietly companies can exploit that tension. But without more detailed disclosures, public enforcement outcomes, or technical transparency from app platforms, the full story of what happened after the Silverpush letters-and what is happening now with other tracking tools-remains incomplete. For now, the Silverpush episode stands less as a closed case than as an early warning about how much can be heard through a microphone permission that most people grant with a single tap.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.
