Slashdot Mirror
Over 200 Android Apps Are Currently Using Ultrasonic Beacons To Track Users (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android apps (234, to be exact) that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years. uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.
I already have a firewall and Hosts file on my phone to inhibit stuff talking to the world that I don't choose, but certain things I want to have 'net data access...
Obviously Android permissions are only so fine-grained and more and more users (particularly of younger generations) accept any of them.
A piece of tape over a webcam is one thing, but to disable a mic, not so easy to open things up nowadays to cut a wire!
But is there a list of these know apps?
Completely useless, alarmist, unactionable article. Name names, dammit.
the growth in cynicism and rebellion has not been without cause
If our grandparents found out that their tv, radio or newspaper were actively spying on them as a standard business practice heads would roll, why do we take it so willingly?
>When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y"
Imagine you're on your phone and browsing the web. You load one of those ads, and your phone now broadcasts your advertiser-assigned unique ID via ultrasound. OK. Who says it has to be another device YOU own that picks it up?
How difficult would it be to drop listening devices in high traffic areas that listen for those tones, sending location information back to whoever? And that's just to augment other devices that might be infected with a listen-and-report app.
This isn't an advertising tool, it's a ubiquitous surveillance tool for three-letter-agencies that advertisers have discovered. That is, of course, assuming it actually works outside a lab and isn't just an untested fantasy the ad types latched onto.
Anyway, IF phones can both transmit and detect ultrasonic tones (which I question), it's only a matter of time until someone produces a 'secure' phone that has physical filters in line with the speaker and mic wires to filter out anything outside the range of human hearing.
Or pets suddenly attacking their masters when they turn their TV on, when they use their phone, etc.
#DeleteFacebook
Wanted: an app that broadcasts ALL these signals, making them think you've got every product already, so they won't waste their time trying to sell you anything. Or just pollute their data to the point it's useless.
"Transparent" is a shit show that trades on every stereotype going. A man in drag is NOT a transsexual.
Cited research paper:
http://christian.wressnegger.i...
Found via the reddit thread on the same topic, It names a few of the apps, primarily using the SilverPush library.
Why aren't you encrypting your e-mail?
This sounds just a hair too far 'out there' , still that is ugly.
The assumption ( other devices are owned by you) would be false under many circumstances so this tech, if it actually exists would be near to useless for that purpose. There are devices owned by other people in your home, your office , and the coffee shop you go to regularly. Of coarse you might be able to make smart assumptions about a lot of this but the articles 'other devices in your home' is obviously not a simple use case for such a thing. If it exists. Also, exactly how was and when was listening turned on for all these other supposed 'receivers' is it some kind of virus? everyone should turn off background data and update things when they want them instead of living with constant interruptions anyway. ( i think there has been some studies on that , but am too lazy to look them up right now).
then again, about the only time I actually listen to video adds is when watching you tube or other video services.
âoeTolerance applies only to persons, but never to truth. Intolerance applies only to truth, but never to persons.
Who cares? And you've eliminated the Chinese, Russians, Israelis, and basically every competent intelligence agency in the world in your quest for assigning partisan blame domestically.
If they are actually using ultrasonic audio frequencies it won't work with analog FM stereo transmissions. The stereo pilot is 19 KHz so the audio output of the receiver cuts off above 18 KHz. On AM radio transmissions the audio bandwidth is restricted to around 5 KHz. For digital transmissions (TV, HD FM, etc) I suspect the audio is also bandwidth limited.
FTFA noted by mystik above, they are use modulated 18-20K tones. It appears that the phone mics, software and transmission lines can handle these frequencies well enough to encode a small amount of information.
A pulse beacon, if you will.
Faster! Faster! Faster would be better!
Yep, it occurred to a number of people. That's why they're using 18K or so as the frequency. Remember, there isn't a hard wall cutoff here, just a drop in response. If all you're trying to do is send a couple of bytes of information, you can be slow and sloppy.
Faster! Faster! Faster would be better!
According to the article, offending apps seem to be mostly from India and the Philippines. They list 5 "representative apps" with developers:
Application Name Developer Version Downloads
100000+ SMS Messages Moziberg 2.4 1,000,000 – 5,000,000
McDo Philippines Golden Arches Dev. Corp. 1.4.27 100,000 – 500,000
Krispy Kreme Philippines Mobext 1.9 100,000 – 500,000
Pinoy Henyo Jayson Tamayo 4.0 1,000,000 – 5,000,000
Civil Service Reviewer Free Jayson Tamayo 1.1 50,000 – 100,000
TABLE 2: Third-party applications with SilverPush functionality
Lawyers.
Next question!
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
I'm pretty sure Pandora does this on iPhone also. Last week I was on an artists site and listening to pandora on my phone. All of a sudden a song by that artist was played on a channel that was completely unrelated to that type of music. Kind of odd I thought, as I've had this happen before simply by talking to a friend about a song, and the very next song is the one we had talked about. Or maybe I'm just crazy.
Simply because the cutoff frequency is at 18Khz doesn't mean that a transducer completely stops working at that frequency. The cutoff frequency is the frequency where the response drops 3db below the more-or-less flat lower frequency response, depending on both the mechanics of the transducer and on any added electronic filtering. There will be detectable response far beyond the 15- or 18-khz cutoff frequency, both on the output and input sides of a transducer. And it's not as though the perfect fidelity is required for the purposes under discussion here.
my neighbours, three walls and three windows away, the contractor finishing my basement, the tvisions in the sportsbar. I'm not a hobbit on a mountain-top, I interact with people most of most days, and often never again.
The app permission system makes this a minor issue on Android 6+, just deny any app mic permission if it doesn't have a legitimate need to access the mic. I do wish Android app permissions were more granular at the UI layer like they are in the API (and like they were on Blackberries) but I realize that if you swamp the average user with too much information they'll just run away and not use the features, perhaps give granular control if you've enabled developer mode?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
If you recently upgraded your TV, that could be why. Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low. Modern TV's with higher refresh rates and resolution makes it much easier for dogs to perceive it as real, and so they're paying more attention to TV on the whole. There's even a new TV channel FOR dogs.
http://www.foxnews.com/science...
My phone was so slow and the battery went dead so fast, I just did a factory reset on my phone a week ago. It's faster than ever. It's hard to tell which app was at fault, but something was sucking down some serious resources. I'm only reinstalling the necessary apps, and so far I've avoided any "shopping" or food rewards app.
Google should really shut down background apps and make them more transparent when they do exist.
This sounds like a lot of effort to get me to buy Charmin rather than store brand... how do they have enough money to crunch that sort of data set into something they can sell to businesses at a profit? If this was regular govt espionage of some kind it might make more sense.
Either the microphone and speaker hardware/firmware should filter out sub- and ultrasonic sounds, or the operating system or pre-OS-firmware should do it so it's impossible for any user application to get to this data (absent some bug to exploit, of course).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
So where is the app appers guy now?
Headline still says ultrasonic. Technically incorrect.
Why would the government want to ban its own surveillance program?
Why isn't this fucking ILLEGAL?
Tinfoil hat time, but based on real anecdotal experience.
For the past few months, my laptop speakers have been emitting a quick data "chirp" very sporadically. It's modulated frequencies above 10k, a duration of 0.5 to 0.75 seconds, and it happens on a very irregular basis.
I run a very clean install of Windows 7 Ultimate, and use Firefox with Noscript. I get almost no ads, and have never been hit by a virus or malware (though I get unsuccessful phishing emails often). After hearing the data chirp 10 or 20 times (over the course of weeks), I started eliminating every remnant piece of cruft running in the background as an attempt to figure out who was causing it. I eliminated a lot of printer vendor monitoring services, my VPN client, update services from a host of clients, and just about everything running. The only sure thing was it would happen when my browser was open.
It happened about 10 minutes ago. I read this article beforehand, and I noted to myself that I hadn't heard the chirp in over a week. The only two tabs that were open were GMail and Facebook. And thinking back, in every instance in the past I believe I had a Facebook tab open in a browser tab somewhere.
My guess is that it's either Facebook itself, or one of the ads in it's advertising tray. The ad tray would make sense, and I bet it could be narrowed down to when only a few specific ads were visible - because it doesn't happen every time I'm on Facebook. Only occasionally. But it has never happened when Facebook wasn't open.
Has anyone else heard this recently? Or is it just me? </tinfoil>
Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low.
Carnivore (predator) pets like dogs and cats tend to be much more sensitive to motion.
They will *perceive* motion on TV, it will just look more choppy and flickering to them.
Just like human where able to perceive motion in silent film era's 12-16fps, in half-rate/dupe-frame 12-15fps animation, or in "shitty low"-fps GIFs.
It looks a lot more choppy, than a 24/30fps or even a 48/60fps.
Or just like human *can* see the flicker of a 60Hz CRT monitor when looked at the periphery of the view (i.e.: where there are more rods - sensors with faster response that are also responsible for the pets better motion sensitivity).
I had my cats recognize and react to things on my old 50Hz CRT, even if *I* could notice the flickering.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
At least Spotify clearly states when it uses ultra-sounds to identify which device is connected to which speaker within which range.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Tiny speakers are easier to drive at high frequencies because there's so little mass to drive. Also, your assessment is just plain wrong.
The iPhone 3GS and 4, for example, are just as capable of pushing out a 20kHz signal as a 10kHz signal. The iPhone 4 speaker actually is more effective at 20 kHz than at 10kHz.
This story is accurate. Your fact-free analysis of what smartphone speakers can and cannot do is bullshit.
Did anybody stop to consider the fact that speakers and microphones by-and-large are not capable of ultrasound frequencies? {...} It takes specially designed transducers to operate in the ultrasound range.
not optimized for ultra sound (like your car's parking range finder)
!=
impossible to even pick faint ultra sound.
You don't want to perfectly reproduce ultra-sound music for your dog.
You just want "morse-code" level of vague faint ultra sound.
Tiny speakers like the ones in a smartphone are going to hit 18khz at BEST. It's probably closer to 15khz in reality. Even high-end studio monitors only reach 20-22khz.
Yup speaker are mainly optimized for the human hearing range. (mostly in the 10Hz to 15kHz) range.
Yet it doesn't go silent at 15001Hz, just less efficient.
As stated in the article, they use 18kHz : at that frequency it's hard for human to really notice, but speakers are still not so bad, you can at least transmit simple beep-codes.
Regarding microphone : yes, they *are* sensitive at much higher frequencies.
It's hard to do a perfect frequency filter that stops abruptely right at the 15kHz limit.
Much easier to use a microphone that picks way higher than this, but at least doesn't muffle in the audible zone at all,
record it with a ADC at a high sample rate, and then clean the sound digitally.
(That the actually real reason of 192kHz ADC/DAC you see in most pro-level equipment. Not that it makes any sense to keep a 192kHz audio track all the way to the customer. But at least if the recording stage works at a higher frequency, there's less risk of muffling the interesting frequencies or have distrosion that spill out into the audible range).
So a smartphone could pick a bit of 18+ kHz sound (at least something really easy to distinguish, like beep-codes).
Even if it's not optimized to record calls in that range, it's still designed in a way that avoid muffling under the 15kHz range.
This story is complete bullshit.
yet, US communication actually work, and is used in the wild.
When Spotify detect a device logged into your account on the same network, it can use ultra sound to match which device/speaker is connected where - i.e.: it can do ultra-sound pairing.
(It says clearly on the message box that appears).
Chromecast has also been reported to support such ultrasound pairing.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Unless I'm listening to music, I have the volume on my phone for media turned off. (I love "watching ads to get free stuff" in games. Launch ad, put the phone down, come back after 20-30 seconds of silence, and claim my free stuff.) If I'm right, would this prevent these ads from broadcasting?
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
It's not a real egg. It's just industrial goo. But don't tell Dr. Franklin.
I'll see your senator, and I'll raise you two judges.
I quit watching TV years ago.
Did somebody say LUDDITE ?
http://www.foxnews.com/science
My brain just melted. Or does Fox mean "alternative science"?
No, the chicken came first. The egg was just breathing hard.
Either stop stealing my info, or give me access to all info collected.
I reserve the right to opt-IN, not OUT, of ANY data collection methods, anywhere.
Whether it is in some small print somewhere.
Collection warning should always be widely and easily posted.
Or, all that data needs to be freely and widely available to all private citizens.
(I want more info on that asshole that lives up the street!)
Self-importance and self-indulgence is the root of ALL evil.
I would assume prey would be more sensitive. I'd rather miss a meal than be a meal.
Depends on how much their strategy for escaping the "be a meal" role relies on visual system.
(As opposed to other strategy, like being massive and difficult to kill, etc.)
An Antelope should be able able indeed to spot the approaching big cat, and start to run.
(Then there are evolutionnary compromises :
rod have faster response speed and better sensitivity to low-light condition, but are not colour-sensitive (increasing the risk that a predator could successfully camouflage)
cone have colour sensitivity (but only work in broad daylight).
Also making a visual system generally costs ressource. The better the eye, the more visual processing must be done by the visual cortex, and thus a bigger brain is a requirement).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]