Yes, I probably should have said "listening." I edited.

you'd implement it so that each group is compartmentalized and no one can confirm the whole of the story, and only a single digit number of people know the full truth. one exec, one lawyer, one software engineer. and it'd have to be the software engineer dealing with releases, so they can modify the code last minute before it gets submitted. this presumes the CI system is unable to send apps to -Apple/Google itself, so it still has to be run by hand on your laptop (for some mysterious reason). if the code in the repo isn't able to do real-time monitoring, and if the data that gets sent to the ads team is inteltionally delayed and sufficiently anonymous that they can't tell by looking up past reports that theres real time surveillance happening, then everyone else involved could be vehemently asserting what they know, but which doesn't match the reality after the fix is put in.

I don't actually believe this, mind you, but theorizing on how you'd pull something like this off, the answer is compartmentalization.

All it would take on iOS is an innocent looking bug buried somewhere deep in any number of subsystems that make it so that the red dot for recording doesn't go on as often as it should. just a totally accidental buffer overflow that makes it fall to set the recording active flag when called a certain way. The XZ thing was down to a single character, and that's one of the most watched projects in the world. A latent iOS bug that no one's looking for

Again, not saying I believe this is even happening in the first place, just that it's not technically impossible, just highly improbable.

I don't think any such conspiracy or secret-keeping is required; one need not attribute any of this to malice which can be attributed to incompetence. There already exists a system, on everyone's phones, which is listening to audio at all times, occasionally activates in response to a wake word and runs search queries and such from it. The point of this system, when used properly, is intended to take a recording of your voice, transcribe it into text, send it into a search engine, associate the query with your account and search history and use it to influence ad preferences in response to future queries. The functioning of this system involves sending data through an opaque and complex chain of custody, sometimes involving third parties, which - even if intended to comply with privacy and security protocols - could easily be mishandled either maliciously or accidentally, as happens in software development all the time. This includes but is not limited to:

1. The occasional false positive response to a wake word that wasn't really a wake word, causing search queries to be run that you didn't intend.

2. This data being accidentally mishandled behind the scenes in Apple's servers in some way, such as developer error leading to the data accidentally landing in the wrong folder, being labeled with an incorrect flag in some database somewhere, or otherwise being given the wrong level of sensitivity.

3. This data being deliberately "correctly-handled" behind the scenes in Apple's servers in some way that users wouldn't like, but technically agreed to when they first used the phone.

4. This data being used for valid "QA" purposes that, for all intents and purposes, include situations that user would probably not be comfortable with, but also technically agreed to.

5. An unforeseen security vulnerability affecting any part of this process.

6. Malware on the phone interfering with any of the above.

7. Not-quite-malware that you agreed to install, doing things you're not quite happy with but technically agreed to, which is somehow in the loop of any part of this process.

Again, we can debate all day which of these are true - hopefully none of them are true. But we're talking about software development here, where these sorts of things happen on a daily basis. None of this is "they faked the moon landing" kind of stuff, and all lead to the same result from the standpoint of user experience.