“An increasing number of Android applications are attempting to track users without their knowledge, according to a new report,” The Independent reports.
“Over recent years, companies have started hiding ‘beacons,’ ultrasonic audio signals inaudible to humans, in their adverts, in order to track devices and learn more about their owners,” The Independent reports. “Electronic devices equipped with microphones can register these sounds, allowing advertisers to uncover their location and work out what kind of ads their owners watch on TV and which other devices they own. The technique can even be used to de-anonymise Tor users.”
“‘Throughout our empirical study, we confirm that audio beacons can be embedded in sound, such that mobile devices spot them with high accuracy while humans do not perceive the ultrasonic signals consciously,’ reads the report from researchers at Technische Universität Braunschweig in Germany,” The Independent reports. “They found that, while six apps were known to be using ultrasound cross-device tracking technology in April 2015, this number grew to 39 by December 2015, and has now increased to 234.”
What should be Android’s default wallpaperMacDailyNews Take: Ah, the land of iPhone knockoffs. It never ends.
But, hey, you Fragtards think you saved a nickel or something along the way, so… further proof that you’re not a genius (as if that pretend iPhone in your hand isn’t a neon sign screaming “I’m with Stupid” every day of your life).
Interesting. So the main article claims that Apps specific to a particular marketer (Krispy Kreme and McDonald’s are mentioned) were found to perform the ultrasound tracking on Android devices. Reading between the lines doesn’t this also make those same Apps on iOS devices suspect also? More so since iOS Apps are installed w/o the same dialog popping up during App installation listing the permissions you are about to grant if you agree to the install.
@Xennex1170: on iOS, you aren’t asked at install-time, you are asked when the app tries to _do_ the thing. So, until you launched the app and it tried to use the microphone, it can’t do anything. Then, it will ask for permission to use the microphone and you can decide “No!”
That’s good.. All iOS users have to worry about then are those Apps that do require the microphone for a legitimate function while also tracking you with the ultrasound.
Don’t get me wrong here, but can Apple Apps do the same thing? If so, how would we mitigate that?
My perspective, this could be a loophole that Apple and others may not be able to protect, because the vector is outside traditional data leaks. Maybe the simple solution is to not allow any apps to access AVIO, unless necessary and only when the app is active.
As a community we could test and vet apps requestion AV access, for leaks, in as much as Apple could and should.
Since these Apps appear to be Marketer specific I find it hard to see them get any larger meaningful data unless they all share the collected info. For example, the McD App which is mentioned in the main article as one culprit might primarily be used while in a McDonald’s. The ‘best’ data they can derive from what they collect is when the user visits a McDs and maybe tie it in with a purchase. I highly doubt such Apps specific to marketers are on all the time to provide tracking data over any extended distances.
Yes, but I wasn’t thinking the actual cost of the purchase was somehow ‘read’ from the phone. Since the McD App gives you points for certain purchases, using the App during your purchase would link your time and location, purchase price (internal McD systems), and possibly even the items purchased to your McD App account in addition. When that is considered, the ultrasound ‘tracking’ function may actually be more useful for McD in seeing how far away you were from a McD restaurant when you accessed it and perhaps the time between access and actual purchase of an item at McD.
Most speakers can’t produce ultrasonic sound. Humans can hear sounds in the range of around 20 – 20,000 Hz. Only relatively high-end systems can produce frequencies above or below that range.
IDEALLY humans can hear 20kHz tones. It doesn’t take many years before that range is rather dramatically reduced. I’m in my mid fifties and can’t hear anything much above 15kHz. I guess if your dog perks up its ears whenever a particular ad is displayed you should maybe be concerned?
As a kid, I could hear 20kHz. Until five years ago, I could hear 18kHz. Now I’m same as you mathom. Yes kids, I can’t hear your high frequency ringtones. Enjoy.
When loudspeaker manufacturers rate their speakers at something like 20Hz to 20kHz, the small print generally specifies a tolerance, such as +/- 3dB. An important consideration with high quality speakers is having a smooth frequency response with no peaks or troughs.
At higher or lower frequencies, they don’t abruptly stop working, there is still usually some acoustic output well out of that range, but it will have deviated from the 3dB specified.
I’ve conducted experiments in the past where a very cheap speaker from a transistor radio was able to output audio tones well into the supersonic range. The tiny speaker in a modern smartphone should be considerably better suited to produce ultrasonic sounds than the conventional speakers that I experimented with.
Just guessing, but I suppose they could mix in some tones at ~17kHz with music or speech. You might not recognize it as more than an odd beep, if you hear it at all, but a phone could digitize it, run an FFT and find a pattern of such tones and recognize them as a code.
just because I’m paranoid doesn’t mean they’re not out to get me 😉
Interesting. So the main article claims that Apps specific to a particular marketer (Krispy Kreme and McDonald’s are mentioned) were found to perform the ultrasound tracking on Android devices. Reading between the lines doesn’t this also make those same Apps on iOS devices suspect also? More so since iOS Apps are installed w/o the same dialog popping up during App installation listing the permissions you are about to grant if you agree to the install.
you need to give an app permissions to use the microphone or camera… so there is that.
is some app that clearly doesn’t need a microphone is asking you to use the microphone then somethings must be up.
@Xennex1170: on iOS, you aren’t asked at install-time, you are asked when the app tries to _do_ the thing. So, until you launched the app and it tried to use the microphone, it can’t do anything. Then, it will ask for permission to use the microphone and you can decide “No!”
That’s good.. All iOS users have to worry about then are those Apps that do require the microphone for a legitimate function while also tracking you with the ultrasound.
Don’t get me wrong here, but can Apple Apps do the same thing? If so, how would we mitigate that?
My perspective, this could be a loophole that Apple and others may not be able to protect, because the vector is outside traditional data leaks. Maybe the simple solution is to not allow any apps to access AVIO, unless necessary and only when the app is active.
As a community we could test and vet apps requestion AV access, for leaks, in as much as Apple could and should.
Since these Apps appear to be Marketer specific I find it hard to see them get any larger meaningful data unless they all share the collected info. For example, the McD App which is mentioned in the main article as one culprit might primarily be used while in a McDonald’s. The ‘best’ data they can derive from what they collect is when the user visits a McDs and maybe tie it in with a purchase. I highly doubt such Apps specific to marketers are on all the time to provide tracking data over any extended distances.
Seems like an avenue that bypasses iTouch enclave. No need for fingerprints, because your phone is digitally printed.
Yes, but I wasn’t thinking the actual cost of the purchase was somehow ‘read’ from the phone. Since the McD App gives you points for certain purchases, using the App during your purchase would link your time and location, purchase price (internal McD systems), and possibly even the items purchased to your McD App account in addition. When that is considered, the ultrasound ‘tracking’ function may actually be more useful for McD in seeing how far away you were from a McD restaurant when you accessed it and perhaps the time between access and actual purchase of an item at McD.
Most speakers can’t produce ultrasonic sound. Humans can hear sounds in the range of around 20 – 20,000 Hz. Only relatively high-end systems can produce frequencies above or below that range.
You mean like the 234 high end Android Apps running on Samsung devices that do it now?
IDEALLY humans can hear 20kHz tones. It doesn’t take many years before that range is rather dramatically reduced. I’m in my mid fifties and can’t hear anything much above 15kHz. I guess if your dog perks up its ears whenever a particular ad is displayed you should maybe be concerned?
As a kid, I could hear 20kHz. Until five years ago, I could hear 18kHz. Now I’m same as you mathom. Yes kids, I can’t hear your high frequency ringtones. Enjoy.
When loudspeaker manufacturers rate their speakers at something like 20Hz to 20kHz, the small print generally specifies a tolerance, such as +/- 3dB. An important consideration with high quality speakers is having a smooth frequency response with no peaks or troughs.
At higher or lower frequencies, they don’t abruptly stop working, there is still usually some acoustic output well out of that range, but it will have deviated from the 3dB specified.
I’ve conducted experiments in the past where a very cheap speaker from a transistor radio was able to output audio tones well into the supersonic range. The tiny speaker in a modern smartphone should be considerably better suited to produce ultrasonic sounds than the conventional speakers that I experimented with.
Just guessing, but I suppose they could mix in some tones at ~17kHz with music or speech. You might not recognize it as more than an odd beep, if you hear it at all, but a phone could digitize it, run an FFT and find a pattern of such tones and recognize them as a code.