Few things sow distrust faster than speculation that apps and internet-connected devices are surveilling their own users in secret. Facebook mining your browsing habits to serve ads is one thing. But what if you found out your sex toy was taping you?
That's what Redditors on the community r/sex claimed they discovered on Thursday, when a user said that they noticed a six minute long clip titled "tempSoundPlay.3gp" in the Lovense app's folder.
The lovense remote control vibrator app (used to control remote control sex toys made by lovense, such as this one) seems to be recording while the vibrator is on [...] The file was a FULL audio recording 6 minutes long of the last time I had used the app to control my SO's remote control vibrator (We used it at a bar while playing pool) [...] At no time had I wanted the app to record entire sessions using the vibrator.
While Gizmodo was unable to replicate the issue without one of these particular toys, other commenters using the app to control Lovense's internet-enabled vibrators and masturbation sleeves also said that they had been taped during intimate moments.
The original post suggests the recording took place while using the Lovense app's video chat feature, but another user who spoke with Gizmodo over Reddit private message claimed "tempSoundPlay.3pg" appeared on their device as a result of testing the "sound" feature, which vibrates in response to, well, sounds. Luckily their experience was less revealing.
I hadn't really used this feature, the only time before all this was just taking a peek at what all the various features do. When I found the recording, it was just a 3 second clip of ambient noise and some thumping, which I presume was me messing with my phone.
"Absolutely no sensitive data (pictures, video, chat logs) pass through (or are held) on our servers," Lovense's privacy FAQ states, curiously omitting audio as an example.
A response in the thread from what looks like the official Lovense account claims the issue is a bug only affecting Android users, and that audio is not sent to the company's servers. Even still, the possible existence of a rogue audio file of a sex toy owner's private moments was a rude awakening to some who have already grown wary of similar devices revealed to be insecure or outright nefarious - the most infamous being We-Vibe, which lost a $US3.75 million ($4.9 million) class-action lawsuit for illegal data collection.
Lovense's Reddit post claims the company is working to patch the issue, and was later updated to include a link to the newly-released version of the app, which it claims deletes audio "once your session is finished".
The release notes for "What's New" state:
- Video chat optimised
- Fixed minor bugs
The company has not responded to our inquiries regarding the length of time this bug was out in the wild. Even if this audio never touched Lovense's servers, it's likely not the sort of thing anyone would want exfiltrated if their phone was stolen or hacked.
For those looking to remove audio files made by Lovense's app on Android devices, they can be found in internal storage > wear > temp > tempSoundPlay.3gp.