Slashdot Mirror

← Back to Stories (view on slashdot.org)

FTC Warns Android App Developers About Use of Audio-Tracking Code

Posted by msmash on from the i-know-what-you-watched-last-summer dept.

Reader Trailrunner7 writes: The Federal Trade Commission is warning dozens of developers about some code they've included in their apps that can surreptitiously listen to unique audio signals from TVs in the background and build detailed profiles of what consumers are watching. The technology, produced by a company called SilverPush, is used to track users across devices and the FTC warned the developers that if they don't disclose the use of the code to consumers, they could be violating the FTC Act. The commission sent the letter to 12 app developers whose apps are in the Google Play Store, and warned them that not disclosing the use of SilverPush's Unique Audio Beacon could be a problem. "For example, the code is configured to access the device's microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device's microphone prior to install, despite no evident functionality in the application that would require such access," the letter says.

49 of 81 comments (clear)

  1. This technology could be used to catch by mmiscool · · Score: 5, Funny

    This technology could be used to catch the unscrupulous people doing unlicensed performances of songs in public places and help protect us all from terrorists.

  2. FYI app list by maestroX · · Score: 4, Informative

    A list of apps using Silverpush is available at: https://public.addonsdetector....
    I'm in no way affiliated with this site.

    1. Re:FYI app list by mlw4428 · · Score: 1

      Most OSes do this. On smartphones, services are used by apps to do things like notifications (Facebook/Instagram/Twitter/etc), keep critical things running (Alarm clocks, timers, etc), and other functions (yes even spying on you). This is done by design, because there's not really a better way of doing it. iOS does it (to some degree) as does Windows Mobile and Blackberry OS. What Google could have done is reviewed such apps and recognized the security risk and demanded disclosure, but the act of having a "service" is hardly an issue.

    2. Re:FYI app list by NatasRevol · · Score: 1

      AC said 'allowing apps' not 'allowing services'. ie Google *should* be reviewing apps before they're allowed into Google App Store.

      --
      There are two types of people in the world: Those who crave closure
    3. Re:FYI app list by mlw4428 · · Score: 1

      AC said "allowing apps to have always running services." I was replying to that...there isn't an alternative to "always running services" that makes sense, given what these apps do and that even iOS allows apps to have services (at least to some degree).

    4. Re:FYI app list by bkr1_2k · · Score: 2

      Or they could just require apps to allow users to turn off unwanted/unnecessary capabilities like this. Why does my GPS app need access to my mail or my songs or my photos? (These are just random examples not specific things from specific apps.) Shit like this should be required to be user configurable.

      --
      "Growing old is inevitable; growing up is optional."
    5. Re:FYI app list by arth1 · · Score: 1

      The interesting find on that list is the McDonald's Phillipines delivery app.
      I wonder what McD has to say about this?

    6. Re:FYI app list by subk · · Score: 2

      A list of apps using Silverpush is available at: https://public.addonsdetector.... I'm in no way affiliated with this site.

      Slashdotted! It's been a while since I've seen that!

      --
      Now, if you'll excuse me, I have backups to corrupt.
    7. Re:FYI app list by Harlequin80 · · Score: 2

      Latest android does this

    8. Re:FYI app list by KGIII · · Score: 1

      Why, in the name of fuck, would you want an OS that does *not* allow services to run in the background?

      Tell me you're not seriously hoping for a blackbox with less control? You know what? Accept some responsibility for yourselves and learn to use your devices and keep them secure. Don't install stupid shit. It really is, for the most part, that fucking easy.

      Read the options menu during install. Read it carefully. If you do not understand it, do not say "fuck it" and install it anyways. Don't install a bunch of pointless apps - most of them are shit. Don't do it. If you use Android, install the damned free and open source store for Android apps - I forget the name... Wait, no... It's F-Droid, I think.

      Don't install the latest fashionable app. Wait and see how it blows over. Read the reviews, research, learn what your phone does and how it does it, and do what you can to keep your shit under your control.

      But, for the love of FSM, don't advocate being locked down and prevented from having useful features. I *want* background processes - like GPS. I just don't want 'em doing stupid shit so I check, carefully, before I install anything. I know... I know, it's shameful to take a little while to decide and make an informed choice. I get it. I understand that it's bad form to learn something and learn how to use the tools I own. But, I suspect the time saved preventing stuff is less time than I'd have to spend trying to get people to give me back my data that they took without my knowledge.

      And yes, yes I have tossed my phone up on wireless with the cellular radio off and sniffed the traffic. I'm kind of curious like that.

      --
      "So long and thanks for all the fish."
    9. Re:FYI app list by KGIII · · Score: 1

      I wonder what McD has to say about this?

      The Hamburgler did it!

      *fat purple thing runs away*

      robble robble robble

      --
      "So long and thanks for all the fish."
    10. Re:FYI app list by Darinbob · · Score: 1

      I wouldn't mind turning all of these off. I don't need notifications for anything except my calendar. If I want to know if there is new email then I will open up the email app. The only other things that send me notifications are built in undeleteable and unwanted apps that keep reminding me to please use them and I'd love to infect whatever developers thought that was a good idea with my head cold.

    11. Re:FYI app list by Darinbob · · Score: 1

      There are some apps that let us turn off notifications which is the only thing they need services for.

    12. Re:FYI app list by Darinbob · · Score: 1

      The apps do this for the same reason that web sites sign up for third party app services - it's free money for zero work on their behalf, and they don't give a shit if it pisses off their users. We're just monetization units to them.

  3. Which apps? by Anonymous Coward · · Score: 1

    Why doesn't anyone list the apps? (or I missed it in reading)

  4. No surreptitious eavesdropping.... by cogeek · · Score: 2

    ...the government hates competition.

  5. Reasons why I don't like the Internet of Things. by Anonymous Coward · · Score: 2, Insightful

    Here's a list of reasons why I don't like the Internet of Things:

    1) Internet of Things devices could listen to me while I sleep.

    2) Internet of Things devices could listen to me while I pee.

    3) Internet of Things devices could listen to me while I make kaka.

    4) Internet of Things devices could listen to me while I pleasure myself.

    5) Internet of Things devices could listen to me while I wash my body in the shower.

    6) Internet of Things devices could listen to me while I relax in the tub.

    7) Internet of Things devices could listen to me while I brush my teeth.

    8) Internet of Things devices could listen to me while I make passionate love to my wife.

    9) Internet of Things devices could listen to me while I brush my hair.

    10) Internet of Things devices could listen to me while I read a book.

    11) Internet of Things devices could listen to me while I read Slashdot.

    12) Internet of Things devices could listen to me while I bake cake.

    13) Internet of Things devices could listen to me while I put in my contact lenses.

    14) Internet of Things devices could listen to me while I get ready to play golf.

    15) Internet of Things devices could listen to me while I do my laundry.

    16) Internet of Things devices could listen to me while I think about rugby.

    17) Internet of Things devices could listen to me while I tie my shoes.

    18) Internet of Things devices could listen to me while I celebrate the 4th of July.

    19) Internet of Things devices could listen to me while I water my flowers.

    20) Internet of Things devices could listen to me while I eat ham.

    21) Internet of Things devices could listen to me while I use my stapler to staple documents.

    22) Internet of Things devices could listen to me while I chew bubble gum.

    23) Internet of Things devices could listen to me while I check the oil in my car.

    24) Internet of Things devices could listen to me while I look for my TV remote.

    25) Internet of Things devices could listen to me while I blow my nose.

    26) Internet of Things devices could listen to me while I rearrange my stamp collection.

    27) Internet of Things devices could listen to me while I listen to the Backstreet Boys.

    28) Internet of Things devices could listen to me while I do my calisthenics.

    29) Internet of Things devices could listen to me while I search for a paper clip.

    30) Internet of Things devices could send information about me to advertisers.

    31) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I sleep.

    32) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pee.

    33) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make kaka.

    34) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I pleasure myself.

    35) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I wash my body in the shower.

    36) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I relax in the tub.

    37) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my teeth.

    38) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I make passionate love to my wife.

    39) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I brush my hair.

    40) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read a book.

    41) Internet of Things devices could let advertisers use the data unsuspectingly collected about me while I read Slashdot.

    42) Internet of Things devices could let advertisers use the data unsuspectingly collected abo

  6. Re:Reasons why I don't like the Internet of Things by phishybongwaters · · Score: 1

    You forgot #61. Lists with more than 3 items. Jesus

  7. FTC is dissembling by mveloso · · Score: 1

    "this could constitute a violation of the Federal Trade Commission Act"

    What exactly would constitute a violation of the FTC act? Their footnote states

    "Specifically, Section 5 of the Federal Trade Commission Act prohibits unfair or deceptive acts or practices in or affecting commerce"

    What about using SilverPush would be unfair or deceptive?

    The FTC is attempting to assert jurisdiction, but there's nothing here to regulate. Why is the FTC attempting to regulate apps? Why don't they do something useful and regulate adware?

    1. Re:FTC is dissembling by Anonymous Coward · · Score: 1

      It's deceptive that they place you under audio surveillance without making it clear in their privacy policy.

    2. Re:FTC is dissembling by ole_timer · · Score: 1

      Yep. The basis of most settlements with the FTC. Consumer, by the way, includes employees.

      --
      nothing to see here - move along
    3. Re:FTC is dissembling by Darinbob · · Score: 1

      How is it not deceptive? It's listening to what television you watch and then reporting that to some backoffice all without telling you.

  8. Re:You can trust the play store. by Anonymous Coward · · Score: 1

    Hence the FTC telling them that it isn't legal.

  9. cut the hard line, neo by Anonymous Coward · · Score: 1

    I guess now we need a switch that physically disconnects the microphone.

    1. Re:cut the hard line, neo by Anonymous Coward · · Score: 1

      That switch should also physically disconnect the camera.

    2. Re:cut the hard line, neo by UnderCoverPenguin · · Score: 2

      Definitely. Also should have better sandboxing of apps, like finer grain permissions, proxy handling and the ability to substitute alternate resources. For example, a few apps might really make sense to let them see you on-call status, but they don't strictly need more than that. Other apps only need audio mute or attenuation. That could be handled in the audio services rather than by the apps. Then sometimes, one might have a good reason to use an app that request more permissions than one is willing to grant. Resource substitution Could allow that. (Any app that refused to work because it detected a "dummy" resource better have an extremely good reason to need the "real" resource.) One or more (preferably more) alternate contacts resources, for example, would allow users to control what subsets of their contacts each app has access to (for the apps that have a legitimate use for reading your contacts).

      --
      Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
    3. Re:cut the hard line, neo by arth1 · · Score: 2

      That switch should also physically disconnect the camera.

      I'm not so worried about someone getting a real close-up of my nipple, but anything using the camera or mic or accelerometer or GPS or IP connectivity when not in the foreground should require an explicit authorization from the user, every time. Google really needs to give users a way to block this. A barndoor wide acceptance without specifics at install time is not good enough.

  10. Re:Visitor from future by Coisiche · · Score: 1

    I would have felt like that trojan lady who knew her city was about to fall, and all the women in the city raped, all the men killed, all the houses burned, but nobody believed her because it was a curse from the gods.

    Known as Cassandra and I would have thought the name was fairly common knowledge given that is was used to name the Cassandra Complex.

  11. Looks like a preemptive warning by Andy+Dodd · · Score: 1

    It appears based on maestroX's post above (which lists Silverpush-using apps) that nearly all of the offending apps on the market are clearly targeted at foreign users - primarily it seems Southeast Asian markets.

    Which is consistent with the FTC's letter saying that no USA programming features the broadcast component of this technology.

    Seems like this is a preemptive "US advertisers had better not use this" warning.

    Also - most of the developers will likely just ignore the FTC due to lack of jurisdiction, as the worst case the FTC could do is have these apps blocked for US users which the developer probably doesn't care about.

    --
    retrorocket.o not found, launch anyway?
  12. Illegal Anyway? by Luthair · · Score: 1

    Seems like it would always be illegal in 2-party states (as people around you aren't consenting) or if the user isn't told about it.

    1. Re:Illegal Anyway? by BradleyUffner · · Score: 1

      Seems like it would always be illegal in 2-party states (as people around you aren't consenting) or if the user isn't told about it.

      It might also be considered copyright infringement against the tv shows, especially if the audio is stored for any length of time.

    2. Re:Illegal Anyway? by cogeek · · Score: 1

      I'm sure it's in the TOU you agree to when you click Install

    3. Re:Illegal Anyway? by PPH · · Score: 1

      I suspect that these apps don't actually record audio. They detect the unique embedded signatures (audio watermarks, etc.) and just forward that data to their servers. This may or may not be legal. But it has yet to be court tested.

      --
      Have gnu, will travel.
    4. Re:Illegal Anyway? by subk · · Score: 1

      They detect the unique embedded signatures (audio watermarks, etc.)

      Which is all poppycock. Neilsen's "psychoacoustic" chirp tones do not work reliably. I am a broadcast engineer. I am blacklisted from being a Neilsen Home. But my mate a few blocks away is not. He signed up, and we played with the device. I won't go into specifics, but you can tell when it hears a tone because it goes about phoning home the telemetry. If it does not catch them, it is basically reporting that you aren't watching the tube. We observed the unit and found it was only catching our station's chirps 25% of the time, but that major national spots (commercials) were recognized much more often. Still not great, though. On the FM radio side, some of my colleagues have hipped me to the black-art of pre-processing your audio so that Nielsen tones "stand out" better in your transmitted signal. Anyway, the reason I thought this was relevant is that if the Silverpush apps work reliably, you can bet its because they are RECORDING! That's the only sure-fire method.

      --
      Now, if you'll excuse me, I have backups to corrupt.
  13. Is the issue limited to Android? by u19925 · · Score: 1

    I am using Android for more than 2 years so I am not anti-Android. However, things like this scare me on Android. Google has very little control on apps, not even to prevent someone violating laws. Up until Android 6, it was not even possible to revoke app permissions. You had to grant all permissions that app requested in order to install it. Many apps used to create fake reasons why they need some permissions. Why do radio app need to dial international number? In iOS, you can configure. On my iOS, I didn't use to turn on location permission until I start navigating. Also, I gave none of the permissions to background app except may be notifications on iOS. It is hard to do fine grain controls like this in Android (I don't know if it is even possible). The fact that FCC had to intervene is a shame on Android.

    1. Re:Is the issue limited to Android? by Locke2005 · · Score: 1

      I bought an S7 to replace my S5. My observations: 1) Finger print scanner is much, much better 2) S7 has no Infrared blaster 3) S7 case is really slippery, meaning adding a plastic case for protection/grip is a necessity 4) iPhone 6S still isn't waterproof and still doesn't have wireless charging; if you want an iPhone, perhaps the iPhone 7 will fix these flaws. Also, currently the S7 has a much faster processor than the A9 in the iPhone 6; we are still waiting to see if the A10 will leapfrog the Snapdragon 820, but I'd still recommend waiting for the iPhone 7 if you _must_ have an iPhone.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    2. Re:Is the issue limited to Android? by Anonymous Coward · · Score: 1

      Android from 6.0 has a permission system, so you can just remove anything you don't want the app to access, so your "take it or leave it" no longer applies. Never (at least since a long time) applied to CyanogenMod for example.
      Sure, might make the app crash if it really needs it for example, but if you are on this site I expect you'll be able to handle that and figuring out which permissions are reasonable to give to an app.
      Plus, you can stick to OpenSource apps (possibly even via F-Droid) for a lot of things, much harder to do on iOS.
      And Apple has let quite a few blunders through the app stores, like apps infected with malware (XcodeGhost).
      So I'd re-evaluate your reasons for considering iPhone. I'm sure there are good reasons, but yours seem based on lack of information to a large part.

    3. Re:Is the issue limited to Android? by Alumoi · · Score: 2

      It's doable in Android. Root, install a firewall and DisableService (handy little program which disables services in apps).

    4. Re:Is the issue limited to Android? by subk · · Score: 1

      The answer there, AC, is calm down. And buy a used phone. It's all good, bro. See, you and I are a lot alike. We have the same (basic) needs. But don't cut off your nose to spite your face... Let the Fat, Lazy, Drooling Sacks of Shit who can afford to drop $1000 iPhones in their champagne do so!! It makes the cheaper phones better. You can't tell me there aren't $250 new AND used options that don't fit your basic needs.

      I won't claim it's a direct analogy, but take halo cars for example. Just because I can't afford a Ford GT doesn't mean they should stop making them. The GT's mere existence makes Fiestas and Fusions better in the long run.

      --
      Now, if you'll excuse me, I have backups to corrupt.
  14. Re:You can trust the play store. by Anonymous Coward · · Score: 3, Insightful

    Or have Google prevent background processes from accessing the microphone... DUH!

  15. Re:Big Government by UnderCoverPenguin · · Score: 1

    Actually, this is businesses ignoring regulations.

    --
    Don't try to out wierd me, three-eyes. I get stranger things than you, free with my breakfast cereal. --Zaphod Beeblebr
  16. Re: Reasons why I don't like the Internet of Thing by geekprime · · Score: 1

    Says the guy posting as Anonymous Coward, on a site that dosen't verify any identity you care to assume.

    You have been unintentionally hilarious. And done a good deal towards MAKING his point.

  17. Re: Nice to see FTC actually protecting consumers by Anonymous Coward · · Score: 1

    Why are they not charged and jailed? If I hide a wireless microphome in someones appartment, is a polite mail from FTC what I should expect?

  18. Re:Reasons why I don't like the Internet of Things by GrumpySteen · · Score: 1

    That lengthy list captures that idea perfectly.

    ... and ensures that almost nobody will actually read it, defeating the suggested purpose of posting it.

    What you're doing is just as pointless as any other meme that gets spammed on /. and scrolled past by the users.

  19. Re: Reasons why I don't like the Internet of Thing by jsh1972 · · Score: 1

    62. ??? 63. Profit!

  20. Re:Reasons why I don't like the Internet of Things by KGIII · · Score: 1

    It's not even a remotely original comment. You, or someone, posts the same damned list at least a half-dozen times every month. Sadly, some people have short memories so you might just as well as keep reposting it but don't, please, pretend it's original. It's probably not even your original post. I first saw it ages and ages ago.

    --
    "So long and thanks for all the fish."
  21. Re:Visitor from future by KGIII · · Score: 1

    You don't have to pull it out. That's the whole point of a Trojan.

    --
    "So long and thanks for all the fish."
  22. Modern collective nouns by Threni · · Score: 1

    The Federal Trade Commission is warning ***a dozen of developers*** about some code they've included in their apps

  23. Re:Visitor from future by Darinbob · · Score: 1

    Oh they probably believed Cassandra but they weren't about to let something like that stop them from using all their favorite phone apps!