Late last week, a Reddit user took to the popular discussion site to reveal that the app that is used to control remote control sex toys made by Lovense “seems to be recording while the vibrator is on.”
“I was going through my phone media to prepare it for a factory reset and came across a .3gp file named ‘tempSoundPlay.3gp’ in the folder for the App. The file was a FULL audio recording 6 minutes long of the last time I had used the app to control my SO’s remote control vibrator (We used it at a bar while playing pool),” the user said, but noted that he (or she?) is not tech savvy enough to know if the recording had been sent to the company or not.
The post garnered considerable attention, and the company finally responded two days later, confirming that the Android app does created a temporary file when someone uses the Sound Control feature, but that it is not sent to the company servers.
“This cache file currently remains on you phone instead of deleting itself once your session is finished. Also, when the file is created it overwrites itself (no new files are created),” they said, and called the issue “a minor bug.”
They confirmed that it’s present only in the Android bug, and later noted that it has been fixed in the latest version of the Lovense Remote Android app (v3.0.7).
“The fix deletes the temporary audio file ‘tempSoundPlay’ after exiting the Sound Control feature and the app will do an additional check and delete each time the app is started,” they added.
Checking out the claims
Brad Haines, a security researcher running the Internet of Dongs Project, which concentrates on analyzing the security and privacy of connected sex toys, has decided to check whether Lovense’s claims were true.
He found the file, and found it to be a complete recording of the surrounding sounds while the Ambient sound function was in use. The file was not cleaned after the app was restarted because the functions that should do it were not called properly.
But, most importantly, “after disassembling the APK with various decompilers, the source was searched extensively and nowhere is that file accessed by any process that sends it anywhere. Additionally, Dynamic testing (monitoring the traffic to and from a device running the app) showed there was never any attempts to move the tempSoundPlay.3gp file.”
“The most likely scenario is one of a bug that failed to take out the trash after it was done,” Haines noted, and praised Lovense’s quick reaction and release of the fix to users.