Once installed, Shazam automatically begins listening for music,

Most (security-conscious) users probably don’t want Shazam listening all the time. Shazam appears to oblige, seemingly providing an option to disable this listening:

However, sliding the selector to ‘OFF’ did not generate the expected, “Mic was deactivated” OverSight alert.

My first thought was perhaps OverSight had ‘missed’ the Mic deactivation, or contained some other bug or limitation. However testing seemed to confirm that OverSight works as expected.

So is Shazam still listening even when the user attempts to toggle it to ‘OFF’? One way to find out – let’s reverse the app!

The post then goes into how to reverse engineer an app and sure enough, the mic doesn’t get turned off.

Shazam says this is a “feature” but it sounds to me like a huge gaping security hole. When you turn something off, it should go off, especially a listening device!

Source: Objective-See