Hundreds of apps spying on users with ultrasonic tracking technology

Hundreds of apps spying on users with ultrasonic tracking technology

Did you know that advertisers are now using inaudible, high-frequency ultrasonic sounds to track your behavior across devices without your knowledge? It’s a harrowing thought but it is actually happening!

With this method, ultrasonic sounds that can’t be perceived by a human ear are embedded into TV or computer ads. Although these sounds are inaudible to you and me, these high-frequency sounds can be picked up by a smartphone or tablet’s microphone, allowing marketers to pair browser cookies to track a single user’s behavior across multiple devices.

These sounds can come from virtually anywhere – webpages, billboards, posters, cars, sports stadiums, retail outlets, etc.

This is the first seamless way to track a single user’s cross-device activity and it naturally raised some privacy concerns from consumer protection groups such as the Center for Democracy and Technology.

Security concerns

A recent study from the Braunschweig University of Technology in Germany likewise raised security concerns. According to the study, “This side channel allows an adversary to identify a user’s current location, spy on her TV viewing [habits] or link together her different mobile devices.”

The study also revealed 234 Android apps that were created using publicly sourced tracking software code developed for companies like McDonald’s and Krispy Kreme. Unfortunately, the researchers did not release the names of all the tracking apps. At the end of this article, we do have a link in case you want to read the entire study.

These apps utilize ultrasonic sound beacons to access a gadget’s microphone to display location-specific advertising content such as tickets for concerts or product placements. The study notes that several brick-and-mortar stores in Europe already have these ultrasonic beacons in operation.

Shopping apps like Shopkick, which gives its users discounts, uses these beacons positioned at the front of brick-and-mortar stores to detect if a customer has stepped into the store. Some apps and smartphone games are even programmed to access a smartphone’s mic without permission.

Google’s response

In response to these discovered practices, Google has announced that Android apps that are found to be using ultrasonic tracking will be banned or suspended unless they are updated in adherence with the Google Play Store’s updated privacy policies. The new policies now require developers to disclose an app’s ultrasonic features and ask a user’s permission before a gadget’s mic can be used for ultrasonic tracking.

While ultrasonic beacon tracking is not widespread yet, the researchers state it has grown at an alarming rate over the past year, from a mere six apps in April 2015 to the 234 they discovered recently.

“Our findings strengthen our concerns that the deployment of ultrasonic tracking increases in the wild and therefore needs serious attention regarding its privacy consequences,” the researchers concluded.

Click here to read the full study.

Tags: Android, apps, Google, security