Android apps secretly tracking users by listening to inaudible sound hidden in ads

“An increasing number of Android applications are attempting to track users without their knowledge, according to a new report,” The Independent reports.

“Over recent years, companies have started hiding ‘beacons,’ ultrasonic audio signals inaudible to humans, in their adverts, in order to track devices and learn more about their owners,” The Independent reports. “Electronic devices equipped with microphones can register these sounds, allowing advertisers to uncover their location and work out what kind of ads their owners watch on TV and which other devices they own. The technique can even be used to de-anonymise Tor users.”

“‘Throughout our empirical study, we confirm that audio beacons can be embedded in sound, such that mobile devices spot them with high accuracy while humans do not perceive the ultrasonic signals consciously,’ reads the report from researchers at Technische Universität Braunschweig in Germany,” The Independent reports. “They found that, while six apps were known to be using ultrasound cross-device tracking technology in April 2015, this number grew to 39 by December 2015, and has now increased to 234.”

Read more in the full article here.

What should be Android's default wallpaper
What should be Android’s default wallpaper
MacDailyNews Take: Ah, the land of iPhone knockoffs. It never ends.

But, hey, you Fragtards think you saved a nickel or something along the way, so… further proof that you’re not a genius (as if that pretend iPhone in your hand isn’t a neon sign screaming “I’m with Stupid” every day of your life).

Hey, dummy, wise up:

If it’s not an iPhone, it’s not an iPhone.

36 widely-used Android devices ship with malware preinstalled – March 14, 2017
The cost of free: More than one million Google Android devices hit by malware – November 30, 2016
Secret backdoor in U.S. Android phones sent location, text, contact data to China – November 15, 2016
Google to pay $5.5 million for sneaking around Apple’s privacy settings to collect user data – August 31, 2016
Cybersecurity researchers: Fitness trackers vulnerable to tracking, privacy breaches – but not Apple Watch – February 2, 2016
EFF files complaint asking for federal investigation; says Google broke privacy pledge, tracked students – December 1, 2015
Tim Cook gets privacy and encryption: We shouldn’t surrender them to Google – June 4, 2015
Apple CEO Tim Cook champions privacy, blasts ‘so-called free services’ – June 3, 2015
How Google aims to delve deeper into users’ lives – May 29, 2015
Apple CEO Cook: Unlike some other companies, Apple won’t invade your right to privacy – March 2, 2015
Edward Snowden’s privacy tips: ‘Get rid of Dropbox,” avoid Facebook and Google – October 13, 2014
Apple CEO Tim Cook ups privacy to new level, takes direct swipe at Google – September 18, 2014
U.S. NSA watching, tracking phone users with Google Maps – January 28, 2014
U.S. NSA secretly infiltrated Yahoo, Google data centers worldwide, Snowden documents say – October 30, 2013
Google has already inserted some U.S. NSA code into Android – July 10, 2013
Court rules NSA doesn’t have to reveal its semi-secret relationship with Google – May 22, 2013
Google Street View cars grabbed locations of cellphones, computers – July 26, 2011
Consumer Watchdog calls for probe of Google’s inappropriate relationship with Obama administration – January 25, 2011
Wired: Google, CIA Invest in ‘future’ of Web monitoring – July 29, 2010
37 states join probe into Google’s questionable Wi-Fi data collection – July 22, 2010
Google Street View Wi-Fi data included passwords and email – June 18, 2010


  1. Interesting. So the main article claims that Apps specific to a particular marketer (Krispy Kreme and McDonald’s are mentioned) were found to perform the ultrasound tracking on Android devices. Reading between the lines doesn’t this also make those same Apps on iOS devices suspect also? More so since iOS Apps are installed w/o the same dialog popping up during App installation listing the permissions you are about to grant if you agree to the install.

    1. you need to give an app permissions to use the microphone or camera… so there is that.

      is some app that clearly doesn’t need a microphone is asking you to use the microphone then somethings must be up.

      1. @Xennex1170: on iOS, you aren’t asked at install-time, you are asked when the app tries to _do_ the thing. So, until you launched the app and it tried to use the microphone, it can’t do anything. Then, it will ask for permission to use the microphone and you can decide “No!”

        1. That’s good.. All iOS users have to worry about then are those Apps that do require the microphone for a legitimate function while also tracking you with the ultrasound.

  2. Don’t get me wrong here, but can Apple Apps do the same thing? If so, how would we mitigate that?

    My perspective, this could be a loophole that Apple and others may not be able to protect, because the vector is outside traditional data leaks. Maybe the simple solution is to not allow any apps to access AVIO, unless necessary and only when the app is active.

    As a community we could test and vet apps requestion AV access, for leaks, in as much as Apple could and should.

    1. Since these Apps appear to be Marketer specific I find it hard to see them get any larger meaningful data unless they all share the collected info. For example, the McD App which is mentioned in the main article as one culprit might primarily be used while in a McDonald’s. The ‘best’ data they can derive from what they collect is when the user visits a McDs and maybe tie it in with a purchase. I highly doubt such Apps specific to marketers are on all the time to provide tracking data over any extended distances.

        1. Yes, but I wasn’t thinking the actual cost of the purchase was somehow ‘read’ from the phone. Since the McD App gives you points for certain purchases, using the App during your purchase would link your time and location, purchase price (internal McD systems), and possibly even the items purchased to your McD App account in addition. When that is considered, the ultrasound ‘tracking’ function may actually be more useful for McD in seeing how far away you were from a McD restaurant when you accessed it and perhaps the time between access and actual purchase of an item at McD.

  3. Most speakers can’t produce ultrasonic sound. Humans can hear sounds in the range of around 20 – 20,000 Hz. Only relatively high-end systems can produce frequencies above or below that range.

    1. IDEALLY humans can hear 20kHz tones. It doesn’t take many years before that range is rather dramatically reduced. I’m in my mid fifties and can’t hear anything much above 15kHz. I guess if your dog perks up its ears whenever a particular ad is displayed you should maybe be concerned?

    2. When loudspeaker manufacturers rate their speakers at something like 20Hz to 20kHz, the small print generally specifies a tolerance, such as +/- 3dB. An important consideration with high quality speakers is having a smooth frequency response with no peaks or troughs.
      At higher or lower frequencies, they don’t abruptly stop working, there is still usually some acoustic output well out of that range, but it will have deviated from the 3dB specified.

      I’ve conducted experiments in the past where a very cheap speaker from a transistor radio was able to output audio tones well into the supersonic range. The tiny speaker in a modern smartphone should be considerably better suited to produce ultrasonic sounds than the conventional speakers that I experimented with.

    3. Just guessing, but I suppose they could mix in some tones at ~17kHz with music or speech. You might not recognize it as more than an odd beep, if you hear it at all, but a phone could digitize it, run an FFT and find a pattern of such tones and recognize them as a code.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.