While it's possible that malware on your smartphone could record your calls, it's an increasingly difficult technical proposition. Instead, researchers from Texas A&M University and colleagues have demonstrated that it's possible to eavesdrop on phone calls by measuring the tiny vibrations of the ear speaker using a phone's built-in accelerometers and then decoding that data remotely to determine what was said. They call the method EarSpy. From Security Week:
They conducted tests on the OnePlus 7T and the OnePlus 9 smartphones — both running Android — and found that significantly more data can be captured by the accelerometer from the ear speaker due to the stereo speakers present in these newer models compared to the older model OnePlus phones, which did not have stereo speakers.
The experiments conducted by the academic researchers analyzed the reverberation effect of ear speakers on the accelerometer by extracting time-frequency domain features and spectrograms. The analysis focused on gender recognition, speaker recognition, and speech recognition[…]
When it comes to actual speech, the accuracy was up to 56% for capturing digits spoken in a phone call.