SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
5 May 2017

Hundreds of apps using ultrasonic signals to silently track smartphone users

There are plenty of privacy-invading marketing ploys to worry about in life. Some examples are in your face, some are more subtle. And a relatively new kind manages to be outright invisible.

In the most inconspicuous hustle of all, apps have increasingly incorporated ultrasonic tones to track consumers.

They ask permission to access your smartphone microphone, then listen for inaudible “beacons” that emanate from retail stores, advertisements, and even websites. If you’re not paying attention to the permissions you grant, you could be feeding marketers information about your online browsing, what stores you go to, and what products you like and dislike without ever realizing it. There are certainly legitimate uses of “ultrasonic cross-device tracking” technology. Some apps are part of rewards programs that automatically offer customers promotions when they visit particular stores.

Others facilitate ticketing at events like sports games. But plenty of apps deploy it without so clear a use case, at least as far as direct benefits for the person who downloads them. In fact, research presented last week at the IEEE European Symposium on Security and Privacy found 234 current Android applications that incorporate a particular type of ultrasonic listening technology.

That doesn’t quite constitute widespread distribution, but the infrastructure to support it has landed in more and more apps every year. And there are many mainstream examples, like the Philippines versions of the McDonald’s and Krispy Kreme apps. That doesn’t mean these apps have the function turned on, necessarily, but they are ready to support it at any time.

Beacon technology is also showing up in more physical locations. While the researchers didn’t find any ultrasonic tones being broadcast out on a sampling of television programming from seven countries, they did find that four of the 35 retail stores they visited around Germany did have beacons installed. “It was really interesting to find beacons at the entrance of some stores in two German cities,” says Erwin Quiring, a privacy and Android security researcher who worked on the study. “It affects all of us if there’s some kind of privacy invasive technique we don’t know about and which runs silently on phones.”

It’s also easy to accidentally submit to ultrasonic beacon tracking. All it takes is granting microphone permissions absentmindedly. And because device microphones can “hear” beacons even without a mobile data or Wi-Fi connection, the tracking can work even when you’ve disconnected your phone from the internet.

Not only that, but because these apps could be listening for beacons all the time, there’s also a risk of incidental data collection. Most companies that develop and/or use this “ultrasonic cross-device tracking” technology say that they don’t store any records of audible sound, they’re only listening for particular high-frequency pitches. But as with any “always on” sensing technology, the door is open for misuse. Fortunately it’s easy to monitor what’s accessing your phone, and stay in control if you’re wary of all this dog whistlin’.

Since you can’t stop beacons from emitting these frequencies around you, the best option is to reduce the chance that your smartphone can listen for them and feed data to a third party. The researchers suggest simply assessing the privileges you’ve granted your apps to make sure they make sense. Skype wants microphone access? Sure! An app for some clothing store? Probably not. Common sense works best here.

On Android 7, navigate to Settings, then to Apps. Tap the gear icon in the upper right, then tap App Permissions to see and edit the privileges you’ve granted each app. And on iOS 10 go to Settings, then Privacy, then Microphone to see which apps have requested access, and which ones you’ve granted it to.

Separately, researchers have also developed a beacon-blocking Chrome extension and sample Android patch in an attempt to give consumers defense tools, and raise awareness of how operating system/browser developers could build protective features. But even without these measures, it’s important that beacon tracking not just be out of earshot, out of mind. By paying attention to what apps ask you for, you can figure out a lot about what’s happening behind the scenes.


Download SafeUM — communicate privately, without advertising and spam.

Tags:
surveillance Android
Source:
Wired
1776
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015