Why Does Binance’s Android App Need to Use Your Microphone?

Published at: July 8, 2020

Twitter users have raised concerns about the possibility of Binance’s Android app containing spyware. This speculation comes after recent revelations suggest that the social video platform, TikTok, contains spyware created by the Chinese government.

According to the Twitter user @ShitcoinSherpa, who posted a certificate issuer’s screenshot, the permissions asked by Binance in its Android app include access to the camera and the ability to record audio. Notedly the app does not appear to have any public features that use these functions:

The delicious irony of shitting on TikTok for being Chinese spyware, but still using the Binance app 🙄 pic.twitter.com/rn9RGW2z88

— Sherpa (Visit CoinHQ.tv) (@ShitcoinSherpa) July 8, 2020

Speaking with Cointelegraph, Binance’s Chief Security Officer addressed to the concerns and clarified some inputs:

“The camera is used during the KYC process. The code developed in house within the Binance app definitely does not use the microphone. We have a third-party SDK that requests this permission. It is used during the KYC process. The third-party vendor is Megvii. It is used during KYC for ID scanning. We are trying to determine if we can get rid of this permission. However, it could be that Megvii uses the background noise to determine fraud. We will let you know when we hear back from Megvii to confirm on the point above.”

@ShitcoinSherpa additionally clarified:

“I'm not necessarily saying that it *is* spyware, but rather that the permissions it asks for are not necessary to run an exchange app. It has camera & audio permissions, which shouldn't be necessary for trading. Previous versions, however, have flagged for malware. Whether false-positives or not (as with ESET), those versions still had unnecessary levels of access, and are still flagged. (...) It essentially has the same access to user data as TikTok, and has the same concerns re: China, in my opinion.”

Permission requests common in mobile apps

Speaking with Cointelegraph on the condition of anonymity, a source who works for a malware lab said:

“It’s not uncommon for apps to ask for more permissions than necessary. It’s not necessarily a sign that they’re up to anything nefarious and users don’t have to grant those permissions.”

The expert adds that Android 11’s recent updates may have led the company to “tighten up” the measures used to combat malicious mobile apps.

In 2017, a Reddit user asked if Binance’s PC or Android software contain “spyware”. At the time, a Binance rep refuted the user’s suggestion:

“Of course it isn't spyware. Due to the network connections it must make to provide accurate data (required for an exchange platform), it can be misinterpreted by some anti-virus software. It's simply a false-positive. However, you are free to make your own decisions.”

Tags
Related Posts
Binance will ‘do what they can’ to help recover funds stolen in yesterday’s $5M Eterbase hack
Eterbase, a Slovakia-based crypto exchange, was recently the victim of a $5M hack. According to an update from Eterbase, some of these funds appear to have ended up on a number of popular exchanges, including Binance, Huobi Global, and HitBTC. Binance CEO's Changpeng Zhao, or CZ, seemed to support efforts to stop the circulation of these stolen funds, replying: “Our security team was on this quite early. Will do what we can to assist.” Through Telegram, Eterbase also published a list of the hot wallets compromised by the hack. These included Bitcoin (BTC), Ehereum (ETH), Tron (TRX), Tezos (XTZ), Algorand …
Technology / Sept. 10, 2020
Binance Security Report Sheds Light On Crypto Scams
A report released by major crypto exchange Binance illustrates how scams targeting cryptocurrency investors attempt to gain credibility. In the report published on June 30, the exchange explained that its Binance Sentry risk investigation service observed reports of fraudulent investment schemes promising quick or exponential returns on cryptocurrency investments. The frauds do not just concern crypto but also forex, binary options and contracts for difference (CFDs). Binance published the report after a Bitcoin (BTC) scam targeted the residents of Winnipeg, Canada, in late June. Scams are often well-organized, big operations Scam organizations are frequently the subject of regulatory warnings but …
Blockchain / July 2, 2020
California University Pays Million-Dollar Crypto Ransom
The University of California at San Francisco School of Medicine reportedly paid a $1.14 million ransom in cryptocurrencies to the hackers behind a ransomware attack on June 1. According to CBS San Francisco, the UCSF IT staff first detected the security incident, stating that the attack launched by NetWalker group affected “a limited number of servers in the School of Medicine.” Although the areas were isolated by experts from the internal network, the hackers left the servers inaccessible and managed to deploy the ransomware successfully. A statement published by the University of California said: “The data that was encrypted is …
Technology / June 30, 2020
Binance Smart Chain Adds Chainlink Oracles for Better DeFi
Binance Smart Chain — a dual-chain architecture from major crypto exchange Binance — is now integrating Chainlink (LINK) data oracles. Binance Smart Chain adds smart contracts to the exchange's original chain, Binance Chain, and is currently in testnet. Chainlink co-founder Sergey Nazarov told Cointelegraph that in his opinion, this integration will save time and effort for developers who are building decentralized apps on the blockchain: “With the Chainlink integration, Binance Smart Chain developers no longer need to dedicate months of engineering time to set up their own oracle infrastructure. Now, they can simply use Chainlink as an abstraction layer to …
Technology / July 23, 2020
A Look Into Recent Binance Trading Performance Issues
As Cointelegraph reported on Feb. 19, Binance temporarily suspended most of its crypto trading platform activities due to unscheduled system maintenance. For several hours the exchange’s users were unable to perform most basic functions including deposits, withdrawals, spot trading, margin trading, P2P trading, lending, redemption, as well as asset transfers from sub-accounts, margin accounts, futures accounts, and fiat wallets on the platform. During the outage, Binance CEO Changpeng Zhao explained that the root cause of the trading halt was a technical issue with one of the market data pushers. In the end the exchange solved the issue the same day, …
Technology / Feb. 25, 2020