Protect Yourself

Take Action Now

Step-by-step guides to protect yourself from surveillance, spread awareness, and support accountability. Start with immediate protections, then explore advanced options.

Protect Yourself Spread Awareness For Journalists For Regulators For Researchers Legal Resources

Protect Yourself Now

Immediate steps for Facebook iOS users. Start with the easy ones.

EASY

Revoke Permissions

Microphone

Settings > Privacy & Security > Microphone > Facebook

Camera

Settings > Privacy & Security > Camera > Facebook

Location

Never

Settings > Privacy & Security > Location Services > Facebook

EASY

Disable Background Activity

Background App Refresh

Settings > General > Background App Refresh > Facebook

Why this matters: VoIP apps like Facebook can wake in the background to receive push notifications. Disabling background refresh limits this capability.

MEDIUM

Consider Alternatives

Use mobile browser

Access facebook.com in Safari or Firefox. No app permissions needed.

Use tracking blockers

Browser extensions like uBlock Origin or Privacy Badger block Facebook tracking.

Delete the app entirely

The most effective protection. Remove Facebook, Instagram, and Messenger apps.

Spread Awareness

Help others learn about these surveillance capabilities.

Share on X

Tweet this investigation

Share on LinkedIn

Professional network

Share on Reddit

r/privacy, r/technology

Email Template

Share with friends and family who use Facebook on iOS:

Subject: Important: Facebook iOS security investigation

---

Hi,

I wanted to share this security research about the Facebook iOS app. An investigation found that Facebook has the technical capability to activate your microphone in under 200 milliseconds without showing any indicator.

The technical evidence includes: VoIP background wake capabilities, audio session category spoofing, and dual-layer encryption for audio data.

You can protect yourself by revoking microphone permissions in Settings > Privacy & Security > Microphone.

Full investigation: https://fb.definitelynot.ai

For Journalists

Resources for media coverage of this investigation.

Press Kit

Complete media resources

Press release, key findings summary, quotable statements, high-resolution technical diagrams, and source attribution guidelines.

Media Contact

Press inquiries

For interview requests, technical clarifications, or additional materials:

security@definitelynot.ai

Story Angles

Technical Deep Dive

How binary reverse engineering revealed hidden surveillance infrastructure

Consumer Protection

What users should know and how to protect themselves

Regulatory Response

FTC complaint and potential legal implications

Platform Trust

How hidden capabilities undermine the App Store trust model

For Regulators

Official disclosures and resources for regulatory bodies.

FTC Complaint

Formal complaint regarding unfair and deceptive practices.

View Complaint

FBI Disclosure

Report on potential federal wiretapping law violations.

View Disclosure

File Your Own Complaint

Links and guidance for filing regulatory complaints.

FTC Report Fraud Portal FBI Tips Portal

For Security Researchers

Reproduce and verify these findings independently.

Reproduction Steps

1

Obtain Facebook iOS IPA

Version 345.0 or later. Decrypt using standard iOS tools.
2

Binary Analysis

Use Ghidra, IDA Pro, or Hopper for static analysis. Focus on audio session APIs.
3

Runtime Instrumentation

Deploy Frida scripts to hook AVAudioSession, PushKit, and encryption APIs.
4

Network Traffic Analysis

Use mitmproxy with certificate pinning bypass to capture audio data transmission.

Tools Needed

Frida

Dynamic instrumentation toolkit

Ghidra / IDA Pro

Binary reverse engineering

mitmproxy

Network traffic interception

Jailbroken iOS Device

For runtime analysis and Frida deployment

View Frida Scripts

For Developers

Warning signs to look for in apps and best practices:

Warning Signs

- VoIP entitlement without voice features
- Audio session category mismatches
- Dual-layer encryption on media
- Metal shaders processing video

Best Practices

- Use minimum required permissions
- Match declared/runtime categories
- Transparent audio session usage
- User-visible recording indicators

Audit Your Apps

- Review Info.plist entitlements
- Hook AVAudioSession calls
- Monitor network for audio data
- Check for steganographic code

Legal Resources

Understanding your rights and legal options.

Two-Party Consent States

Recording conversations without all-party consent is illegal in these states. If you live here, unauthorized audio capture may be a criminal offense:

CaliforniaConnecticutDelawareFloridaIllinoisMarylandMassachusettsMichiganMontanaNevadaNew HampshireOregonPennsylvaniaVermontWashington

Note: Laws vary. Consult an attorney for specific legal advice.

How to File Complaints

FTC Consumer Complaint

Report unfair or deceptive practices.

reportfraud.ftc.gov

State Attorney General

File a consumer protection complaint with your state AG.

Find your Attorney General

Privacy Rights Clearinghouse

Resources for privacy violation complaints.

privacyrights.org

Potential Class Action

If you are an attorney investigating potential class action claims related to these findings, please contact legal@definitelynot.ai for technical consultation.

Stay Updated

Get notified about new findings, regulatory responses, and updates to this investigation.

RSS/Atom Feed Email Updates

For immediate updates, follow the researcher on X/Twitter.

Your privacy matters

Every action you take - from revoking permissions to sharing this investigation - contributes to holding companies accountable for their surveillance practices.

Start Protecting Yourself