"A widespread myth regarding online advertising is that Google and Facebook are listening to us speak and showing ads on this basis. This is not true, even if it often seems to be. There is a good explanation for this misconception. All of us have probably been part of a discussion on a specific topic—only to see online ads on the same topic immediately afterward. This is not a case of Google recording your speech and using it to target advertising. The most common reason is that people take keener note of matters that they have just discussed. If your phone is showing you ads for holidays in Maui, you probably ignore them. However, if you have just spent time with your cousin in a café, discussing places to visit in Maui during your holiday, the same ad will grab you in a different way. Another explanation is that your friend has been browsing for Internet content relevant to your discussion, even if you haven't. So, if you discussed haggis with your colleagues during your coffee break and you see a Facebook ad for delicious haggis in the afternoon, there is no conspiracy. Inspired by your discussion, your colleague has gone online for a genuine haggis recipe, from the same address space as your workstation. Sometimes, the most peculiar things have perfectly logical explanations."

*If It's Smart, It's Vulnerable", Mikko Hyppönen

I daresay that's a very Finnish style of explanation.

I am so tired of these memes. The network traffic out of common social media mobile apps is fully studied and understood. You can even inspect it yourself if you like, using an access point, an http reverse proxy, a self-generated CA (manually installed on device), and some netfilter rules. AFAIK the social media apps aren't doing cert pinning, but even if they are you can find the pins in the apk and patch your own in over top.

It would be obvious if they were exfiltrating audio data. They are not.

While I agree with you I think it's pretty easy to do the processing on device, encrypt the relevant topics and communicate them in innocent looking calls?

And it's pretty simple to see when an app is doing audio recording (there's even an indicator in the corner of the screen on newer androids), what is being processed, what is encrypted and with what keys, and then decrypted, and what is being sent and received.

It's a computer program, it's not magic, you can take it apart down to individual system calls, and with popular apps, people actually do that.

Do you have a link to any of these studies? It sounds interesting, but I couldn't find anything with my searches

No, they're usually not published. I encourage you to do it yourself.

Looks like Instagram at least does do TLS cert pinning, but it looks like there are patched binaries that disable it.

https://github.com/Eltion/Instagram-SSL-Pinning-Bypass

I think no hard evidence has ever come from theories like this. And like the sibling comment said, considering how much scrutiny major social media apps (and the Android OS) is under from security researchers - surely someone would have noticed by know.

But. I also think this shows how spookily good the surveillance ad tech really is, and to what extent the major players (Alphabet, Meta etc) keep track of people. Non-techy people attribute it to microphones and dictation, while in reality it is just enormous amount of old school digital behaviour tracking.

(And a dash or two of frequency illusion bias of course, people tend to ignore the "hot single moms in your area" or super general ads with less impressive targeting)

Plus some psychology.

An average user with an adblock gets hundreds, maybe even thousands of ads every day, for new cars, clutch replacements, diapers, washing detergent, shadow raid vpn, local political party, mcdowells, kentucky fried pizza, sex toys, 1:9 baluns, cisco console cables... and they don't even notice most of them.

And then something happens, your washing machine fails, you talk about it, open google, get ads for tampax, ignore them, find service, fix it and forget about everything. Then you watch stranger things, google the reviews, get an ad for yard fences, ignore that and forget about that too. Then you talk with your wife how you're out of detergent, turn on youtube and get a detergent ad... "wait, we were just talking about that? how did they know?! microphones, spying, conspiracy!".

This could be some variation of Baader-Meinhof phenomenon: https://en.m.wikipedia.org/wiki/Frequency_illusion

It doesn't. Maybe try with something more obscure. It is a phenomenon called frequency bias (it has different names)

I often hear different variations of this story, but I have never seen it well documented. I have not seen an online ad in over three years since I switched to Graphene OS without any adware on my devices.