Answers without permission or notification
Describe your environment
On November 18, 2020, I installed Jami on my Moto g7 which runs a recent Android. I downloaded it and installed it using Google Play.
Steps to reproduce
I don't know how to reproduce it, after this happened I uninstalled the software because I judged it to be a security risk.
Additional information
I use Arch Linux and I first installed jami-gnome
on my laptop with pacman
.
I created a new account successfully.
Then I installed Jami on my phone. I created a new account on my phone.
I tried call my phone using my laptop. The first time I called myself, the phone played music but there was no visual indication that anyone was calling. I could not figure out how to answer the call.
The second time I tried calling myself from my laptop, the phone appeared to be unresponsive. However, I soon heard a feedback squeal which gradually increased in volume.
I tried saying some things and determined that the feedback was indeed due to the laptop's microphone picking up the phone's speaker, and the phone's microphone picking up the laptop's speaker.
This indicated to me that my phone had answered the call without my permission and without informing me.
I concluded that anyone who knew the username that I had created for my phone, would be able to spy on me by muting their microphone and calling that username. They would then be able to listen to me using my phone without my knowledge or permission.
Since this seemed to be a pretty serious security hole, I uninstalled the app. I apologize for not being able to give more information about the phone environment as the app is no longer installed.
Part of the problem is that the Android operating system doesn't notify me when an app is accessing my microphone or camera. I read that there are apps I can install on Android which help provide better security and give me notifications when my microphone is being accessed. I'm not very knowledgeable about smart phones and prefer to keep my environment simple.
Lately I've been using Signal which seems reasonably stable. It does have the drawback that I cannot call myself to test it out, since it is tied to my phone number and it is difficult to create a second account.