Clubhouse, the viral audio-only social media app, is now launching on Android after a year of iPhone exclusivity. Clubhouse is a popular app, even more so because its invite-only ethos adds exclusive appeal—and of course there’s the fact that you could get close to celebrities such as Elon Musk and Oprah, who have both appeared in Clubhouse “rooms.”
Clubhouse started rolling out to Android users in the U.S. and is expanding to reach the operating system’s nearly 2 billion users over the coming months. But ever since its launch and increasingly after its rapid growth earlier this year, there have been concerns about Clubhouse’s security and privacy.
So, is Clubhouse safe to use and should you download the Android app?
Clubhouse: The bad
In April, it emerged that user data including IDs, names, usernames, and Twitter and Instagram handles had been leaked online and posted to an online hacker forum—but Clubhouse said this was not due to a breach, outlining that the information scraped was all publicly available within the app. The Verge reported that Clubhouse CEO Paul Davison described the data as “all public profile information from our app.”
But this does not change the fact that this information was so easily available that it could be scraped in the first place.
“The amount of data Clubhouse collects is more than users may think,” Jake Moore, cybersecurity specialist at ESET, says.
“Remaining invite-only comes with the exclusive touch but this is something that might make it open to abuse,” warns Moore. “Possible payments or the trade of personal data in return for such invites are potentially exploitable. Furthermore, anyone using Clubhouse should remain cautious about what information they offer as well as remaining vigilant about what they say within the app.”
Other security issues are not the fault of Clubhouse itself. If you are an Android user, you will need to look out for signs that the Clubhouse app is genuine. It has already been widely mimicked—in March, ESET researchers found an Android Trojan posing as Clubhouse.
Clubhouse says user privacy and security is a “top priority.”
A Clubhouse spokesperson says: “Our team is continually working to improve the experience and we have launched several privacy-centric features over the past few months, including the ability to let users invite friends without giving access to their contact list.
“We minimize the data we need to collect and store about our users and don’t track people between apps or collect other activity from their web usage. We also work closely with the broader security and privacy community, including running penetration testing exercises with NCC and a bug bounty program in collaboration with HackerOne.”
Clubhouse: The good
Some of Clubhouse’s security issues have been resolved. This was helped by research from the Stanford Internet Observatory (SIO), which found a user had been streaming audio feeds and metadata from Clubhouse to another site.
Clubhouse told me that recording or streaming without the explicit permission of the speakers is against the Clubhouse terms of service. “The company has trust and safety procedures in place to investigate and address any violation of these rules, which may include suspension or removal from the app.”
Previously, you had to provide Clubhouse with access to your contacts in order to use the app—not great for your privacy, or that of others.
As of March this year, an update means you can invite friends to Clubhouse without having to open up your address book, but as Vox explains: “If someone else uploaded their contacts and your phone number is in them, they’ll still get that alert that you joined the app whether you upload your contacts or not.
“There’s no way to pre-emptively block a user in the onboarding process to prevent this, and blocking someone on Clubhouse doesn’t stop them from seeing your profile anyway.”
Another security issue, now fixed, could have allowed an attacker to lurk and listen in a Clubhouse room undetected.
Should you use Clubhouse’s Android app?
Sure, Clubhouse collects a lot of data, but it is a new app that will probably struggle with security and privacy issues for some time. It’s clear Clubhouse wasn’t built with privacy in mind, but nor were many other apps that have recently shot into the mainstream, and at least it is now trying to improve. That’s without even considering well-established apps such as Facebook, one of the most data-hungry apps out there. Clubhouse is no worse.
Yet Clubhouse’s popularity might even be fading, as others such as Facebook and Twitter launch similar features. Downloads of the app have declined recently, after a spike at the start of this year, and Clubhouse must be hoping the Android launch can change that.
So taking all of this into account, should you use Clubhouse? It’s up to you but if you really want to, there are some steps you can take to be more secure. Firstly, ensure you are using the real version of the app—it’s invite-only so make sure the invite is from someone you trust. Also watch out for the permissions it asks for and be careful what you grant.
When using Clubhouse, if speaking, treat it as if anyone could be listening, and don’t share any information you wouldn’t feel comfortable with writing online.