Slashdot Mirror
Over 200 Android Apps Are Currently Using Ultrasonic Beacons To Track Users (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android apps (234, to be exact) that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years. uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.
No wonder my ears are constantly ringing these days. Turn your f%#king phones off people!
But seriously, how long will advertisers keep this up if there a class action suit accusing them of harrassment by inducing tinnitus were to suddenly rear its head.
Any ambulance chasers lurking on slashdot?
I already have a firewall and Hosts file on my phone to inhibit stuff talking to the world that I don't choose, but certain things I want to have 'net data access...
Obviously Android permissions are only so fine-grained and more and more users (particularly of younger generations) accept any of them.
A piece of tape over a webcam is one thing, but to disable a mic, not so easy to open things up nowadays to cut a wire!
But is there a list of these know apps?
Completely useless, alarmist, unactionable article. Name names, dammit.
the growth in cynicism and rebellion has not been without cause
Why publish a story about bad apps without listing the apps?
If our grandparents found out that their tv, radio or newspaper were actively spying on them as a standard business practice heads would roll, why do we take it so willingly?
>When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y"
Imagine you're on your phone and browsing the web. You load one of those ads, and your phone now broadcasts your advertiser-assigned unique ID via ultrasound. OK. Who says it has to be another device YOU own that picks it up?
How difficult would it be to drop listening devices in high traffic areas that listen for those tones, sending location information back to whoever? And that's just to augment other devices that might be infected with a listen-and-report app.
This isn't an advertising tool, it's a ubiquitous surveillance tool for three-letter-agencies that advertisers have discovered. That is, of course, assuming it actually works outside a lab and isn't just an untested fantasy the ad types latched onto.
Anyway, IF phones can both transmit and detect ultrasonic tones (which I question), it's only a matter of time until someone produces a 'secure' phone that has physical filters in line with the speaker and mic wires to filter out anything outside the range of human hearing.
Wanted: an app that broadcasts ALL these signals, making them think you've got every product already, so they won't waste their time trying to sell you anything. Or just pollute their data to the point it's useless.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Windows 10, Phones, Apps. When will someone start suing these companies or start lobbying to change the laws so the average citizen doesn't get as screwed.
Seem like if you pay good money for a product, it shouldn't be raping you.
Cited research paper:
http://christian.wressnegger.i...
Found via the reddit thread on the same topic, It names a few of the apps, primarily using the SilverPush library.
Why aren't you encrypting your e-mail?
I thought it said android apes are tracking users...
If they are actually using ultrasonic audio frequencies it won't work with analog FM stereo transmissions. The stereo pilot is 19 KHz so the audio output of the receiver cuts off above 18 KHz. On AM radio transmissions the audio bandwidth is restricted to around 5 KHz. For digital transmissions (TV, HD FM, etc) I suspect the audio is also bandwidth limited.
This sounds just a hair too far 'out there' , still that is ugly.
The assumption ( other devices are owned by you) would be false under many circumstances so this tech, if it actually exists would be near to useless for that purpose. There are devices owned by other people in your home, your office , and the coffee shop you go to regularly. Of coarse you might be able to make smart assumptions about a lot of this but the articles 'other devices in your home' is obviously not a simple use case for such a thing. If it exists. Also, exactly how was and when was listening turned on for all these other supposed 'receivers' is it some kind of virus? everyone should turn off background data and update things when they want them instead of living with constant interruptions anyway. ( i think there has been some studies on that , but am too lazy to look them up right now).
then again, about the only time I actually listen to video adds is when watching you tube or other video services.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
Did anybody stop to consider the fact that speakers and microphones by-and-large are not capable of ultrasound frequencies? Tiny speakers like the ones in a smartphone are going to hit 18khz at BEST. It's probably closer to 15khz in reality. Even high-end studio monitors only reach 20-22khz. It takes specially designed transducers to operate in the ultrasound range. This story is complete bullshit.
Now, if you'll excuse me, I have backups to corrupt.
You do realize that if your claims are really true, it happened under Obama?
If they are actually using ultrasonic audio frequencies it won't work with analog FM stereo transmissions. The stereo pilot is 19 KHz so the audio output of the receiver cuts off above 18 KHz. On AM radio transmissions the audio bandwidth is restricted to around 5 KHz. For digital transmissions (TV, HD FM, etc) I suspect the audio is also bandwidth limited.
FTFA noted by mystik above, they are use modulated 18-20K tones. It appears that the phone mics, software and transmission lines can handle these frequencies well enough to encode a small amount of information.
A pulse beacon, if you will.
Faster! Faster! Faster would be better!
According to the article, offending apps seem to be mostly from India and the Philippines. They list 5 "representative apps" with developers:
Application Name Developer Version Downloads
100000+ SMS Messages Moziberg 2.4 1,000,000 – 5,000,000
McDo Philippines Golden Arches Dev. Corp. 1.4.27 100,000 – 500,000
Krispy Kreme Philippines Mobext 1.9 100,000 – 500,000
Pinoy Henyo Jayson Tamayo 4.0 1,000,000 – 5,000,000
Civil Service Reviewer Free Jayson Tamayo 1.1 50,000 – 100,000
TABLE 2: Third-party applications with SilverPush functionality
I'm pretty sure Pandora does this on iPhone also. Last week I was on an artists site and listening to pandora on my phone. All of a sudden a song by that artist was played on a channel that was completely unrelated to that type of music. Kind of odd I thought, as I've had this happen before simply by talking to a friend about a song, and the very next song is the one we had talked about. Or maybe I'm just crazy.
Simply because the cutoff frequency is at 18Khz doesn't mean that a transducer completely stops working at that frequency. The cutoff frequency is the frequency where the response drops 3db below the more-or-less flat lower frequency response, depending on both the mechanics of the transducer and on any added electronic filtering. There will be detectable response far beyond the 15- or 18-khz cutoff frequency, both on the output and input sides of a transducer. And it's not as though the perfect fidelity is required for the purposes under discussion here.
my neighbours, three walls and three windows away, the contractor finishing my basement, the tvisions in the sportsbar. I'm not a hobbit on a mountain-top, I interact with people most of most days, and often never again.
The app permission system makes this a minor issue on Android 6+, just deny any app mic permission if it doesn't have a legitimate need to access the mic. I do wish Android app permissions were more granular at the UI layer like they are in the API (and like they were on Blackberries) but I realize that if you swamp the average user with too much information they'll just run away and not use the features, perhaps give granular control if you've enabled developer mode?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Confirmed.
All microphones in devices should be frequency limited to the human hearing range to stop this shenanigans.
This is a hardware problem with an easy fix, but needs to be mandated by government.
My phone was so slow and the battery went dead so fast, I just did a factory reset on my phone a week ago. It's faster than ever. It's hard to tell which app was at fault, but something was sucking down some serious resources. I'm only reinstalling the necessary apps, and so far I've avoided any "shopping" or food rewards app.
Google should really shut down background apps and make them more transparent when they do exist.
The Egg came first.
Just one more reason to add to the already gigantic list of reasons why I do not have and do not want ANY so-called smartphone. Any alleged benefits of having one are completely overshadowed by the FACT that it's used to surveil and track people and their habits. Fuck smartphones and fuck them. I'd rather be called a Luddite than this.
Oh, and any assholes who think they're being clever pointing out how many goddamned cameras and microphones and shit are tracking us every goddamned minute we're outside our homes can shove it up their ass because it doesn't mean I'm TAKING it up the ass by having a goddamned smartphone so I can be a goddamned clone playing goddamned twitch-games like the rest of you goddamned clones who have the attention span of a gnat.
This sounds like a lot of effort to get me to buy Charmin rather than store brand... how do they have enough money to crunch that sort of data set into something they can sell to businesses at a profit? If this was regular govt espionage of some kind it might make more sense.
Do you have any software installed, which can't be audited? If so, then you have no reason to suspect that you aren't running malware. Just uninstall anying suspicious. (Where suspicious == closed source.) Even if the malware you're running isn't this one, it's not like some other malware isn't also going to be working against your interests. If you have a problem with ultrasound tracking, then you'd probably also have a problem with GPS tracking, being used to send email spam, bitcoin mining, etc. There's no point in enumerating all the ways someone can use your computer against you, once you have elected to turn control of it over to them.
Just don't run anything for which the software's loyalty isn't clearly YOU. Is this still not common sense, yet? "They just takes care of number one, and number one ain't you. You ain't even number two." -- Frank Zappa
Either the microphone and speaker hardware/firmware should filter out sub- and ultrasonic sounds, or the operating system or pre-OS-firmware should do it so it's impossible for any user application to get to this data (absent some bug to exploit, of course).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why isn't this fucking ILLEGAL?
Tinfoil hat time, but based on real anecdotal experience.
For the past few months, my laptop speakers have been emitting a quick data "chirp" very sporadically. It's modulated frequencies above 10k, a duration of 0.5 to 0.75 seconds, and it happens on a very irregular basis.
I run a very clean install of Windows 7 Ultimate, and use Firefox with Noscript. I get almost no ads, and have never been hit by a virus or malware (though I get unsuccessful phishing emails often). After hearing the data chirp 10 or 20 times (over the course of weeks), I started eliminating every remnant piece of cruft running in the background as an attempt to figure out who was causing it. I eliminated a lot of printer vendor monitoring services, my VPN client, update services from a host of clients, and just about everything running. The only sure thing was it would happen when my browser was open.
It happened about 10 minutes ago. I read this article beforehand, and I noted to myself that I hadn't heard the chirp in over a week. The only two tabs that were open were GMail and Facebook. And thinking back, in every instance in the past I believe I had a Facebook tab open in a browser tab somewhere.
My guess is that it's either Facebook itself, or one of the ads in it's advertising tray. The ad tray would make sense, and I bet it could be narrowed down to when only a few specific ads were visible - because it doesn't happen every time I'm on Facebook. Only occasionally. But it has never happened when Facebook wasn't open.
Has anyone else heard this recently? Or is it just me? </tinfoil>
Your mom came first
Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low.
Carnivore (predator) pets like dogs and cats tend to be much more sensitive to motion.
They will *perceive* motion on TV, it will just look more choppy and flickering to them.
Just like human where able to perceive motion in silent film era's 12-16fps, in half-rate/dupe-frame 12-15fps animation, or in "shitty low"-fps GIFs.
It looks a lot more choppy, than a 24/30fps or even a 48/60fps.
Or just like human *can* see the flicker of a 60Hz CRT monitor when looked at the periphery of the view (i.e.: where there are more rods - sensors with faster response that are also responsible for the pets better motion sensitivity).
I had my cats recognize and react to things on my old 50Hz CRT, even if *I* could notice the flickering.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
At least Spotify clearly states when it uses ultra-sounds to identify which device is connected to which speaker within which range.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
My mom is a chicken, you insensitive clod!
Did anybody stop to consider the fact that speakers and microphones by-and-large are not capable of ultrasound frequencies? {...} It takes specially designed transducers to operate in the ultrasound range.
not optimized for ultra sound (like your car's parking range finder)
!=
impossible to even pick faint ultra sound.
You don't want to perfectly reproduce ultra-sound music for your dog.
You just want "morse-code" level of vague faint ultra sound.
Tiny speakers like the ones in a smartphone are going to hit 18khz at BEST. It's probably closer to 15khz in reality. Even high-end studio monitors only reach 20-22khz.
Yup speaker are mainly optimized for the human hearing range. (mostly in the 10Hz to 15kHz) range.
Yet it doesn't go silent at 15001Hz, just less efficient.
As stated in the article, they use 18kHz : at that frequency it's hard for human to really notice, but speakers are still not so bad, you can at least transmit simple beep-codes.
Regarding microphone : yes, they *are* sensitive at much higher frequencies.
It's hard to do a perfect frequency filter that stops abruptely right at the 15kHz limit.
Much easier to use a microphone that picks way higher than this, but at least doesn't muffle in the audible zone at all,
record it with a ADC at a high sample rate, and then clean the sound digitally.
(That the actually real reason of 192kHz ADC/DAC you see in most pro-level equipment. Not that it makes any sense to keep a 192kHz audio track all the way to the customer. But at least if the recording stage works at a higher frequency, there's less risk of muffling the interesting frequencies or have distrosion that spill out into the audible range).
So a smartphone could pick a bit of 18+ kHz sound (at least something really easy to distinguish, like beep-codes).
Even if it's not optimized to record calls in that range, it's still designed in a way that avoid muffling under the 15kHz range.
This story is complete bullshit.
yet, US communication actually work, and is used in the wild.
When Spotify detect a device logged into your account on the same network, it can use ultra sound to match which device/speaker is connected where - i.e.: it can do ultra-sound pairing.
(It says clearly on the message box that appears).
Chromecast has also been reported to support such ultrasound pairing.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
This could fairly easily be blocked if microphone permission forced everything through a low-pass filter and there was another permission for high-frequency microphone that didn't automatically filter.
And I'm a sensitive cock, you chicken clod.
> Trying to avoid a "lawsuit" by not naming them [...] the lawyers fuck everything up protecting the guilty.
So preemptively name the lawyers. That'll teach them!
Unless I'm listening to music, I have the volume on my phone for media turned off. (I love "watching ads to get free stuff" in games. Launch ad, put the phone down, come back after 20-30 seconds of silence, and claim my free stuff.) If I'm right, would this prevent these ads from broadcasting?
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
So this is reason #6,916 to keep analog speakers.
I can add band-pass filters inline on all my speakers so I can eliminate all sounds not audible to me.
It's not a real egg. It's just industrial goo. But don't tell Dr. Franklin.
I'll see your senator, and I'll raise you two judges.
So, isn't it illegal to intentionally record someone without their permission? If you cause the audio to be generated and recorded across devices owned by different people, don't they both have to consent to the specific recording interaction? Seems like you could frame this in a way that jury would find offensive.
I quit watching TV years ago.
This is why I didn't install the microphone-required version of Chrome, it will be abused by web developers.
I use headphones a lot, so they will never have a current profile of my devices/contacts.
No, the chicken came first. The egg was just breathing hard.
Either stop stealing my info, or give me access to all info collected.
I reserve the right to opt-IN, not OUT, of ANY data collection methods, anywhere.
Whether it is in some small print somewhere.
Collection warning should always be widely and easily posted.
Or, all that data needs to be freely and widely available to all private citizens.
(I want more info on that asshole that lives up the street!)
Self-importance and self-indulgence is the root of ALL evil.
I would assume prey would be more sensitive. I'd rather miss a meal than be a meal.
Depends on how much their strategy for escaping the "be a meal" role relies on visual system.
(As opposed to other strategy, like being massive and difficult to kill, etc.)
An Antelope should be able able indeed to spot the approaching big cat, and start to run.
(Then there are evolutionnary compromises :
rod have faster response speed and better sensitivity to low-light condition, but are not colour-sensitive (increasing the risk that a predator could successfully camouflage)
cone have colour sensitivity (but only work in broad daylight).
Also making a visual system generally costs ressource. The better the eye, the more visual processing must be done by the visual cortex, and thus a bigger brain is a requirement).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]