
Could gambling apps eavesdrop on players?
Peter Bassill, CEO of Hedgehog Security, examines the dangers and opportunities of passive listening devices

While discussing the use of mobile applications and the delivery of targeted ads on social media, I was recently asked: “Could passive listening technology be used within the gambling industry?”
My immediate thought was yes, of course. Done well, it could prove useful to both operators and players. But then another thought occurred to me: if done badly, it could have the potential to destroy a platform and ultimately the brand running on it.
Before delving into that a little deeper, it’s worth discussing the background of passive listening technology, and where we are at today.
Modern mobile applications have many capabilities, and with the ever-expanding functionality of mobile devices those capabilities continue to evolve and develop. In 2016, it was proven technically possible for an Android device to passively listen in on its immediate surroundings. Throughout 2017, there was significant evidence that mobile application developers were using these passive listening capabilities to supply information to ad display networks.
This enables more targeted advertising to consumers, providing more accurate and cost-effective advertising. So, could these capabilities be used for other purposes within gambling platforms?
Listening for good
One immediate use that comes to mind is strengthening the security of an application. Here’s how: a random phrase is displayed that the user then reads back to verify their identity. Used in conjunction with, not instead of, a password, this could enhance the security of gaming accounts. But that is an example of active listening. How about passive listening?
Another possible use for passive listening within the gaming sector could be for the detection of habitual gambling. By passively monitoring for keywords or sounds, combined with the playing style, it could be possible to further enhance protection for players against problem gaming.
This would of course come with a number of issues, most notably the perception, correctly, of intrusion of privacy. There would be further issues around the protection of the data, especially with the General Data Protection Regulation coming into force shortly. Would players accept this from platform providers? Probably not.
When listening is not so good
Moving towards a more sinister use, could a malicious player harness the listening capabilities of mobile devices to gain an edge on other players?
An evil app developer could easily develop an application that monitors the sounds and patterns of fellow players. This could be especially useful in player-to-player poker games. Anything that provides an edge over another player could prove valuable. The ability to listen in on other players could certainly provide that edge, but what would it take to actually do this?
It would not be simple. First, a popular, well-used platform would need to be identified, and then the evil player would need to create an application that would be of benefit to fellow players. The players would then need to have the application installed and running for it to work. The malicious player would need functionality within their application that would be able to identify the player, room, platform and other characteristics so that they could join the correct table. Given the complexities involved, would it be worth the effort?
Regardless of the difficulties posed, it is certainly within the bounds of possibility and a targeted attack such as this would provide an edge. It would also damage the reputation of the online gambling brand.
Could the platform use it?
We have looked at two examples of good uses for passive listening, and an example of a more sinister, malicious use. But could the platform itself use the listening capability of mobile devices?
It is hard to think of a genuine reason why a platform would use it in a way that wouldn’t discourage players from using the application and the platform. Of course, as described above, the most logical use would be to enhance security and add further levels of protection for habitual gamblers. But is that all it could do?
There would certainly be potential for targeted rewards and invitations to other areas of the platform that the player may not be aware of, based on other keywords the application picks up.
There is potential for it to be used to reduce collusion within games and to aid in customer service issues, by adding a simple talk-to-text chat. However, in today’s world where privacy is becoming a precious commodity, does it really constitute a positive enhancement for a platform?
I’d side with most probably not.
Peter is the founder and CEO of Hedgehog Security and has been in the Information Security world since 1999. Peter worked as CISO for the Gala Coral Group until 2010 before starting out on his own.