Help Wizard

Step 1

NEXT STEP

A group session took over my speaker

A group session took over my speaker

Plan

Free/Premium premium 

Country Australia 

 

Device iPhone 10

(iPhone 8, Samsung Galaxy 9, Macbook Pro late 2016)

Operating System: IOS

(iOS 10, Android Oreo, Windows 10,etc.)

 

My Question or Issue

I was listening to Spotify through my google home speaker this afternoon - having initiated the session on my iPhone.  I had been listening to one of my Library lists for a couple of hours when suddenly the song that was playing stopped half way through and a completely unknown song (not from my list) started playing. I had not touched my phone or said anything to the google speaker.  So I picked up my phone to see what was going on. It said I had joined a group session with someone named Andrew something. (I don’t remember his last name and I did not recognise his name. He is not connected to me in any way - on Spotify or through any other social media account.). I have never heard of group sessions before so I didn’t know what was happening.  I selected the song I had been playing before from my list but it only played for about 5 seconds before another song unknown to me came on. I tried to play my song again. And then I got a message to say that Andrew had left the group session.  

 

So tell me. How did someone I don’t know start playing music on my Inhome speaker WITHOUT MY PERMISSION? How did he add me to a group session WITHOUT MY PERMISSION? And more importantly - how do I stop this from happening again?? 

 

THIS SEEMS LIKE A SERIOUS BREACH OF BOTH SECURITY AND PRIVACY TO ME. I would appreciate an early response.  

Reply
66 Replies

Hey @kmc2340,

 

Thank you for reaching out to the Community.

 

The group session is a new feature that allows users to listen together in the same room, or listen to the same music remotely. When you're listening through a bluetooth speaker, you have the possibility to share it, so the users that are on the same WiFi network can control what it's playing. Probably, this option was activated by mistake.

 

However, this option can be turned off following this steps:

 

  1. Tap Connect device icon and select the speaker that is currently playing.

  2. Switch the option “Multiple people can join and control this speaker” from on Toggle on icon to off Toggle off icon.

 

With the option toggled off, no one would be able to join your speaker or group session without an invitation.

 

We apologize if this may cause any inconveniences. If you think your account could be accessed without permission, we'd recommend checking this article to Protect your account

 

We appreciate the time you took reporting this and we hope this doesn't affect the overall experience you have had with us.

 

If you have any additional questions, don't hesitate to ask.

OscarDCModerator
Help others find this answer and click "Accept as Solution".
If you appreciate an answer, maybe give it a Like.
Are you new to the Community? Take a moment to introduce yourself!

Heh @OscarDC.

 

Thanks for your reply - a few more notes/questions:


1) In relation to the option to toggle this on/off

- I went to follow your instructions, but did not see the option you referenced to turn listening off for multiple people.  So I went to the iPhone store to check that I had the latest version of the app. I didn’t.  Once I updated the app - I then had the option you referenced off - and have done that.  
- As a result - having not had the option in my app before, I cannot have accidentally have toggles this on.  So I suspect anyone with an older version of the app may have a similar problem. 

2) In relation to someone unknown accessing my speaker - how has his happened?

- Both your comment and the updated app itself suggests that only people on the same wifi network as me can access my speaker.

- But this person was completely unknown to me. They were clearly another Spotify user - it wasn’t a case of someone taking over my account. They were identified as Andrew someone or other within Spotify as though they were in a group session with me.  So how did they take control of my speaker when I don’t know them and they were not on my wifi network.

Please reply and let me know. I am still very concerned about the lack of security and privacy  in this Spotify feature. This is NOT a case of my account being taken over. This was clearly another Spotify user who is unknown to me (and not on my wifi network).  And yet they somehow gained control of my speaker. How??????  


P.S. for the record, having to complete the captcha exercise time and time again when doing a post is very annoying. Getting it right once should be enough. I shouldn’t have to redo it after every edit

 

Hallo?????

I'm currently sitting in a restaurant on a public WiFi network, with my Bluetooth headphones.

 

My phone keeps giving me notifications to connect to someone called Cameron. I don't know this person, and I'm not interested in joining a group session with them. 

 

What I want to know is whose BRILLIANT idea it was (sarcasm) to allow people to just randomly connect to your Spotify account on a PUBLIC NETWORK????

 

FIX IT. This is a massive breach of privacy.

 

And no, I don't have an option to turn this feature off.

My connection was from someone who wasn’t even on the same network.  And I didn’t even get asked - I just somehow found myself in a group session with someone who started playing their music on my home speaker!!!!!!!!  

 

And they haven’t even replied to my questions.  

I’m now looking at alternatives to Spotify because this is too creepy.  

Had the same exact experience. Came home and noticed that someone called Alex was listening on my device called Kitchen Speaker (google home) and I got a pop-up on android to join the session. There was no sound coming from my device until, out of curiosity, I joined the session and got some RUN/DMC playing that I've never played myself. Logged in as admin to check that no random person was on my wifi network, but had only devices that I recognize connected. Clearly a bug and a possible security issue. I've now gone through every device I own to turn off the "Multiple people can join and control this speaker" option. Why would this be turned on by default? Please please Spotify make every new social feature OPT OUT as default to avoid this nonsense! 

 

Hi @damagem,

 

Thanks for reaching out to the Community.

 

Only users who can somehow physically join the network environment of a speaker can control it. This is only possible while the aforementioned option "Multiple people can join and control this speaker" is toggled on.

 

Some speakers and cast devices (eg. Chromecast, etc.) can create their own network for discoverability and connections. To ensure the devices are private, besides disabling the built in Spotify control option, it's best to check network, sharing and discovery settings on the devices themselves. Please keep in mind that this might make some devices invisible for those who haven't paired up with them before, until the settings are adjusted again. We recommend checking the documentation and the available resources for the specific devices on how to modify these privacy settings.

 

The Community is always here if there's anything else you need assistance with.
 

Take care.

YordanModerator
Help others find this answer and click "Accept as Solution".
If you appreciate an answer, maybe give it a "Like".
Are you new to the Community? Take a moment to introduce yourself!

Are you deliberately avoiding answering my question so that you don’t have to admit that Spotify has indeed caused a breach of privacy?  

Your answer to the previous comment suggests that you are either trying to blame this on:

 

a) unauthorised access to a personal network

b) unauthorised access to a google speaker

 

I can confirm that neither of those were true in my case. In relation to the former - we have checked the router logs and there have been no unauthorised devices on the network.  In relation to the latter suggestion, that someone independently took over the google Chromecast speaker - that completely ignores the fact that the Spotify app indicated that the change had happened through a group session in the app. 

I can only assume that you are refusing to respond to this properly because it is a real problem.  I need to reconsider my continued use of your service.  

Hi  @kmc2340,

 

We didn't mean to avoid answering any questions. As there're many users in this thread we just tried to focus on the main topic concerning the Spotify feature.

 

To clarify - Spotify can only grant access to a device if a user willingly has the option to do so turned on and the other user is on the same network. And in the instance of group sessions, again a user needs to willing join one and grant access.

 

We're not sure how the behavior you mentioned occurred, but it's not possible for someone to get access to a device via Spotify without the owner's permission to do so. We've tried to recreate the behavior you described multiple times, but there was always action on our end required before someone could actually connect to a network speaker. We're also not aware of any other similar reports to try and correlate the occurrence and gather more data.

 

If we receive further similar reports, they will be flagged with the proper teams and investigated. For now, following our recommendations from our previous post will ensure your devices cannot be controlled without your permission.

Ver Moderator
Help others find this answer and click "Accept as Solution".
If you appreciate an answer, maybe give it a Like.
Are you new to the Community? Take a moment to introduce yourself!

I'm sorry, but this is literally the minimum response you could have offered - and it doesn't really address anything.

 

I don't know any other program or app that would allow you to connect to an unknown user account on a public network with only an accidental tap of a push notification (which is what happened in my case) - even your own Private Messaging service has a "Are you sure you want to do this?" pop-up!! I had to restart my phone to disconnect from someone listening to their music in a shopping mall, it's just not acceptable - they could have been anywhere.

The new "feature" being tested that allows other users in your area/ network is a gross miscarriage of privacy. If I would like others to listen know what I am listening to, I will tell them. I recognize that Spotify is doing this in the guise of some beneficial "feature", but a secondary outcome of this garbage is going to widen an already divided population. Spotify, you have a short window to correct this error or I will take my business elsewhere.

Thank you for looking into this.

There is definitely something going wrong with the feature. I've checked Chromecast and turned off every broadcast option I could find, but I still come home to find this when I try to connect to my "Living Room speaker" (see attached screenshots). I do not know who this person is and there is no unknown device show on my wifi. This is also after I've specifically gone through every device and turned the "Multiple people can join and control this speaker" option off.  Just to be clear, there is no music coming from my speaker when the other person is "listening", but I can "join the session" or "take over the speaker". If I join I can hear their music coming through my speakers. Please escalate and investigate further as it's quite disconcerting to see this happening after turning all social features OFF.

Screenshot_20220325_2108.jpg

This is exactly what happened to me - well the screen shots and the connection bit.  I too have checked my wifi for intruders and found nobody else there!! 

So glad you documented it. 

 

Chiming in, just had the exact thing happen. Private Home wifi with multiple Google services connected and working correctly. Received notification on my phone that someone started a listening session connected to a Chromecast on my network. No unrecognised devices on my network. No music actually playing on my Chromecast but if I joined the session the music would play through my phone. As the others in this thread, I have serious concerns about the security of this feature.

My roommates google home and PS4 give me the optional to automatically connect to them just because we are set up on the same WIFI connection. This should be optional. Why can I not turn this off?

Seeing very similar behaviour: "Liv is listening" (allegedly) to my Google Cast device. I see exactly the same screenshots as damagem posted.

"Liv" is most certainly not on my LAN; and I (now) have "multiple people can join and control this speaker" off.

Just chiming in. I'll give this a few more days then I'll switch service, at least for now.

Screenshot_20220409-190557_Spotify.jpg

 Adding a screen dump from my phone. Never heard of a "masternils"

Ok moderator. You said “If we receive further similar reports, they will be flagged with the proper teams and investigated.”

 

You’ve now received several similar reports on this thread alone. So what are you doing? 

Suggested posts