
Some Android apps are using ultrasonic beacons to track users - vezycash
https://www.bleepingcomputer.com/news/security/234-android-applications-are-currently-using-ultrasonic-beacons-to-track-users/
======
donclark
062115 - How to Manage Android App Permissions to Protect Your Privacy
[http://thehackernews.com/2015/06/android-permission-manager....](http://thehackernews.com/2015/06/android-permission-manager.html)

beacon-blocking Chrome extension and sample Android (research prototype)
patch: [http://ubeacsec.org/#Downloads](http://ubeacsec.org/#Downloads)

Silverdog Chrome Extension
[http://www.thewindowsclub.com/silverdog-chrome-extension-mit...](http://www.thewindowsclub.com/silverdog-chrome-extension-mitigates-ultrasonic-tracking)

Disable Beacon monitoring on a condition in Application
[http://stackoverflow.com/questions/34486930/disable-beacon-m...](http://stackoverflow.com/questions/34486930/disable-beacon-monitoring-on-a-condition-in-application)

050217 - [https://www.wired.com/2017/05/hundreds-apps-can-listen-beaco...](https://www.wired.com/2017/05/hundreds-apps-can-listen-beacons-cant-hear/)

110316 - [https://www.wired.com/2016/11/block-ultrasonic-signals-didnt...](https://www.wired.com/2016/11/block-ultrasonic-signals-didnt-know-tracking/)

Beacon: Phone Tracker
[https://www.aptoide.com/app/com.fibercode.beacon/beacon-phon...](https://www.aptoide.com/app/com.fibercode.beacon/beacon-phone-tracker)

~~~
harryf
Don't think permissions don't really protect you from this.

AFAIK you don't need permission to _play_ sounds at least for foreground apps.
So that means in a public space, it doesn't matter if your mic is disabled -
if anyone _else_ gave permission for an app to use the mic, their phone hears
your phone transmitting ultrasound, allowing you to be tracked.

~~~
harryf
PS that first sentence was supposed to read...

"Don't think permissions really protect you from this."

------
IshKebab
> The only good news found in this research was that after searching TV
> streams from seven different countries, researchers failed to discover any
> ultrasonic beacons

Would that even work? I'm pretty sure modern digital TV audio compression
totally removes sound that is vaguely close to 'ultrasound'. I guess maybe
smart TV apps could add the signal though, but why would they when they
already know what you are watching?

It reminds me of a website for one of those annoying 'Mosquito' anti-loitering
devices. The sound was provided as an MP3, which was of course totally
filtered out by the compression resulting in a totally empty file.

~~~
Yetanfou
They'd do it to connect profiles between the TV (which knows what you're
watching) and any mobile devices within ultrasound reach (i.e. line of sight)
of the TV. Do this a few times and it quickly becomes clear which phone is
usually within range of the TV, and with that the profiles can be merged,
giving a broader view of the user behind these devices.

The solution is simple: don't get a 'smart' television. Better still is to
forego on television altogether but if you insist on having canned
'entertainment' (panem et circensis) beamed into your domicile make sure to
use as dumb a device as possible. Any smarts you require can be added
separately, the thing does have external inputs after all. As an added benefit
you won't be stuck with a 'smart' TV running yesteryear's OS on under-powered
hardware while the display and sound system are still good for many years.

~~~
chadgeidel
I'm with you on not getting a 'smart' TV, but this comment reeks of elitism:
"Better still is to forego on television altogether but if you insist on
having canned 'entertainment' (panem et circensis) beamed into your domicile"

What if I want to play games, watch movies, or just sit down and otherwise
enjoy myself? Is everything that comes on a screen an unnecessary diversion or
is it just a screen of a certain size?

~~~
Yetanfou
In what way is it 'elitist' to dislike the pablum dished out by television
channels? Strange, the way things go. It used to be that those who did not
have a television set were seen as backwards but now it seems to be the
opposite.

I never liked television programming, not as a child, not as an adult. There
is nothing elitist about it, I just like doing things myself.

BTW, the mere fact that you're replying to a message I submitted to this forum
should tell you that I do not consider _everything that comes on a screen an
unnecessary diversion_, given the fact that the probability of me using a
screen to read and enter text here is rather high. Television is quite well-
defined as being a medium designed for mostly passive consumption of
entertainment and information. It is the combination of hardware and a whole
industry to provide programming to animate those screens. It is the latter,
the industry and its products, which I dislike. The hardware can be quite
useful.

------
dvfjsdhgfv
Does anyone have the link to the actual list? Neither the article nor the
original paper seem to list the tracking apps, they just mention McDonald’s
and Krispy Kreme.

~~~
smilliken
Here's the top apps using silverpush:
[http://mixrank.com/playstore/namespaces/com.silverpush.sdk.a...](http://mixrank.com/playstore/namespaces/com.silverpush.sdk.android/installs?expiration=2017-06-04&sharedby=scott%40deltaex.com&auth=cc51d4e7dcbd7a1a)

Lisnr:
[http://mixrank.com/playstore/namespaces/com.lisnr.sdk/instal...](http://mixrank.com/playstore/namespaces/com.lisnr.sdk/installs?expiration=2017-06-04&sharedby=scott%40deltaex.com&auth=e0bd45ca91bc2250)

And shopkick doesn't appear to be for Android. If someone has a link to the
docs I can double check.

~~~
wccrawford
I just saw an ad for Shopkick yesterday on my Android. And this site says it's
in Android.

[http://app.shopkick.com/wr2/6Z48W52-6Z6LIDX](http://app.shopkick.com/wr2/6Z48W52-6Z6LIDX)

Unless it's something else with the same name.

------
chii
This is why apps that shouldn't need the mic or speaker but still require it
should not be installed.

Permissions on an app should be checked carefully by a user, and users should
be educated in this!

~~~
strmpnk
That model is backwards. If there is one thing iOS got right, it's the
permission prompt. Nobody reads those lists and it's hard to know what the
intent is without context in the app.

Having the app ask on first use makes much more sense. It's much less likely
to get away with this. Even better, you can still use the app if you say no.
It will just get dummy values back.

~~~
dtech
This works the same since Android 6 (2015)

~~~
ClassyJacket
Only on apps that target Android 6 however. They couldn't retroactively apply
it. Just build your app targeting Lollipop and you get all the permissions you
want. Plus their app store isn't as strongly vetted, so apps can refuse to
work if you don't grant a bullshit tracking permission.

~~~
0x0
This I never understood. Couldn't they just supply the app with empty lists
and black pixels for restricted APIs until the user approved the permission?
iOS managed to do this retroactively just fine.

~~~
s73ver
I don't think iOS did it retroactively. It's just that, since so many more
people actually update (because they're not at the mercy of their carrier),
devs update their apps more often.

~~~
0x0
I believe you are incorrect. iOS has introduced more and more permissions
(most recently, for iOS10 a permission prompt appears for apps trying to
access the built-in media library, whereas this was a silent free-for-all in
earlier versions), and existing apps are not grandfathered in. According to at
least
[https://www.macrumors.com/2012/06/14/apple-requires-user-per...](https://www.macrumors.com/2012/06/14/apple-requires-user-permission-before-apps-can-access-personal-data-in-ios-6/)
apps will just receive
empty/dummy data until the permission is granted. From my personal experience,
camera APIs return black pixels until the permission has been granted, even
for apps that were released when iOS 5.0.0 was the latest version and never
updated since.

------
mdekkers
It is these kind of "behind your back" shenanigans that will quickly force
governments to move to regulating the industry, giving rise to a whinging
chorus of "leave us alone" from the industry. An industry that has shown
itself to be utterly untrustworthy, sneaky and aggressively invasive.

I see a need for a good, simple, slick and solid interface that allows you to
select what functions an app can and cannot do on your device, be it laptop,
tablet, smartphone, car, whatever.

~~~
hackuser
> these kind of "behind your back" shenanigans that will quickly force
> governments to move to regulating the industry

These kinds of things have been going on for years, and yet the U.S.
government, for one, just reduced privacy protections for consumers.

~~~
mdekkers
_These kinds of things have been going on for years, and yet the U.S.
government, for one, just reduced privacy protections for consumers._

True. I have higher hopes for the EU

------
syphilis2
My first instinct is that the signal probably doesn't need to be ultrasound.
In the same way that my phone will sometimes hear my car radio and falsely
hear, "hello Google", I bet the beacon can just be planted on top of the
signal and match filtered to a decent SNR. Similar to image steganography, it
doesn't need to be perceptible to the listener. Compression issues would
exist, but at least they wouldn't be fighting against the transmission
hardware.

~~~
sp332
But lower volumes would limit the range.

------
tanvach
You don't necessarily need ultrasound, but a modulation scheme to put the sound
energy outside of hearing range. Ultrasound can be unreliable since phones
have different frequency response that affects sensitivity. Also compression
tends to apply low pass filter, so overall the range is quite variable.

To combat this, you can add forward error correction code, and have the audio
source transmit data at low bit rate. Also, it's possible to modulate data
using spread spectrum sequence (similar to GPS and ultrawideband) to reduce
the energy below hearing threshold.

The state of the art is not to embed data at all, but use audio
fingerprinting, aka Shazam.

------
tokenizerrr
> Their results revealed Shopkick ultrasonic beacons at 4 of 35 stores in two
> European cities. The situation isn't that worrisome, as users have to open
> an app with the Shopkick SDK for the beacon to be picked up.

Wouldn't it be far easier to just transmit a wifi SSID that encodes this
information?

~~~
bizzleDawg
I suspect they wanted to isolate it so that people walking past a store
wouldn't be counted.

------
Markoff
it's interesting research, but there is no list of apps provided, only thing I
could find in PDF of research is this:

100000+ SMS Messages | Moziberg | 2.4 | 1,000,000 – 5,000,000
McDo Philippines | Golden Arches Dev. Corp. | 1.4.27 | 100,000 – 500,000
Krispy Kreme Philippines | Mobext | 1.9 | 100,000 – 500,000
Pinoy Henyo | Jayson Tamayo | 4.0 | 1,000,000 – 5,000,000
Civil Service Reviewer Free | Jayson Tamayo | 1.1 | 50,000 – 100,000

so from those 5 with significant install base are minimum 3 targeted at
Philippines market, the other two probably too, though they mention India

also note: Within the 1,320,822 Android applications, our scan yields 2 and 1
samples with functionalities of Lisnr and Shopkick, respectively. These
samples are either applications that have been released by these companies
themselves or by other companies officially collaborating with Shopkick or
Lisnr. __The user is thus aware of the deployed technology and needs to start
the audio analysis manually.__

so conclusion is, from 1.3mil tested apps, around 230 have this functionality,
around 5 have significant user base and all of these are in third world
countries (PH/IN). also according to research many devices have issues detecting
these higher frequencies and they didn't find it working in TV streams or
European shops. also from those 230 in most of them they use technology of
Shopkick and Lisnr where you need to MANUALLY start audio analysis. it's
interesting research, but let's keep it in perspective

TLDR: don't give microphone permission to apps which have no use of microphone

------
ungzd
Is it really ultrasound? Microphones on phones may be able to pick this but
what speakers are able to play even 20 kHz?

And these apps should always listen, that will drain battery quickly, so these
apps will be listed in top power-consuming apps and user will notice it.

~~~
Cyph0n
18-19 kHz is usually high enough; smartphone speakers can play that fine from
my experience.

Yes, battery drain is an issue. Most apps use a background service that wakes
up at a fixed interval. The longer the interval, the longer the broadcast has
to be though, so it's basically a trial and error kind of thing.

~~~
MichaelMoser123
Another issue (besides the privacy issue) is that it may be annoying for pets.
Dogs and cats can hear these sounds.

Also the apps on the phone have access to the microphone (even though they
probably do not need this permission for any other purpose), so these apps are
all potential listening devices.

~~~
williamtrask
i'm so glad you said this... made my day

------
psyc
I understand why this sort of thing is uncomfortable, but for the last 15
years or so I've believed that the coming decades will likely see sensors
everywhere, doing every imaginable analysis on everything.

------
mhandley
Shouldn't be too hard, at least in principle, to enable a low-pass digital
filter in the Android audio subsystem. There must already be one there for
anti-aliasing when apps demand 16000 or 8000 samples/second capture. Just need
to leave the 8KHz low-pass filter enabled for the 99% of us that never use the
mike to capture music.
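
The low-pass idea in the comment above, worked through as an added example that is not part of the original thread: it measures energy at 18.5 kHz (within the 18-19 kHz range mentioned elsewhere in the discussion) before and after an 8 kHz FIR low-pass. The 44.1 kHz capture rate, tone amplitudes, filter length and all function names are assumptions, and the input signal is constructed.

```python
import math

RATE = 44100  # assumed capture rate in samples/second

def goertzel_power(samples, freq, rate=RATE):
    """Power of `samples` at `freq`, scaled so a pure tone of amplitude A gives ~A^2."""
    coeff = 2 * math.cos(2 * math.pi * freq / rate)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    n = len(samples)
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n / 4)

def lowpass_taps(cutoff, rate=RATE, n_taps=101):
    """Hamming-windowed sinc FIR low-pass, normalised to unity gain at DC."""
    fc = cutoff / rate
    mid = (n_taps - 1) / 2
    taps = []
    for i in range(n_taps):
        k = i - mid
        sinc = 2 * fc if k == 0 else math.sin(2 * math.pi * fc * k) / (math.pi * k)
        taps.append(sinc * (0.54 - 0.46 * math.cos(2 * math.pi * i / (n_taps - 1))))
    total = sum(taps)
    return [t / total for t in taps]

def fir_filter(samples, taps):
    """Convolve, returning only outputs computed from a full window of input."""
    m = len(taps)
    return [sum(taps[j] * samples[n - j] for j in range(m))
            for n in range(m - 1, len(samples))]

def constructed_capture(seconds=0.1):
    """Constructed input: 1 kHz 'voice-band' tone plus a weak 18.5 kHz beacon tone."""
    return [0.5 * math.sin(2 * math.pi * 1000 * t / RATE)
            + 0.1 * math.sin(2 * math.pi * 18500 * t / RATE)
            for t in range(round(seconds * RATE))]

def demo():
    """Compare beacon-band and voice-band power before and after the 8 kHz low-pass."""
    raw = constructed_capture()
    filtered = fir_filter(raw, lowpass_taps(8000))
    return {
        "beacon_before": goertzel_power(raw, 18500),
        "beacon_after": goertzel_power(filtered, 18500),
        "voice_before": goertzel_power(raw, 1000),
        "voice_after": goertzel_power(filtered, 1000),
    }

if __name__ == "__main__":
    for name, power in demo().items():
        print(f"{name}: {power:.3e}")
```

The same Goertzel measurement, run over a real recording, can serve as a quick check for unexpected energy in the 18-20 kHz band.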

------
dorfsmay
Reading the title, I thought "ultrasonic" was some evil site that paid for
people to use their beacon...

Reading the article, it's actually worse!

This sort of thing should be taught in school, don't give an app permission
to your mic, GPS, camera, contacts, etc... Unless you understand why. Not
everybody will write "hello world" in JavaScript in their life, but most
people will install apps on a device.

------
npstr
Don't give Microphone permissions to apps that don't need them.

------
esmi
This kind of thing has been fairly mainstream since 2014.
[https://en.wikipedia.org/wiki/SilverPush](https://en.wikipedia.org/wiki/SilverPush)
In 2013 there was PC malware that used this technique to jump network airgaps.
[https://arstechnica.com/security/2013/10/meet-badbios-the-my...](https://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/)

------
bri3d
Google Play also pairs with set-top box devices like Roku using an audio
mechanism, although I'm not sure if it's ultrasound. A series of audible
clicks are present while pairing, so I'm assuming it may be a different audio
or environmental-based encoding, maybe even just location -> audio correlation
rather than data modulated over any kind of over-the-air carrier. Does anyone
know more about how that particular setup works? It sounds similar to the
Shopkick app in a lot of ways.

------
Nursie
Sounds a little like one of Powa Technologies' ideas before they went boom.

Embed inaudible tones in tv content to sell you stuff. Never saw the appeal.

But as we know the appetite for tracking is endless, for some reason.

~~~
hnhg
Facebook and Google's advertising revenues can give you some idea of the
reason.

------
aadilmfarooqui
This is quite interesting and shocking too that we can be tracked from these
apps. My question is, if it is so and many tech geeks here have said that if
the mic let's say is irrelevant to the actual context of the application, so
why Android App Store does not block this using AI or any intelligence
techniques?

------
nom
Side project idea: ultrasonic jammer. It's really simple, just use a piezo
speaker and drive it with a small microcontroller (or an analog circuit) to
jam the frequencies they're using.

The only problem is that dogs and other animals won't like it ;)

------
_pmf_
Is there a physical way to deactivate the microphone (on my tablet, I never
use it)?

~~~
dEnigma
The top answer to this question[1] has a few suggestions. The dummy plug idea
is interesting, although it doesn't actually physically disable the
microphone.

[1] [https://security.stackexchange.com/questions/47345/surveilla...](https://security.stackexchange.com/questions/47345/surveillance-blocking-laptops-microphone-from-spying-on-you)

------
deepnet
Some sort of aftermarket high bandpass filter on the microphone will be
necessary.

------
ghostDancer
Would something like taping the micro stop it or the signal would get through
it?

------
faragon
Unethical behavior: let people decide with their wallets.

------
anentropic
should be illegal

------
eecc
how is this not illegal?

~~~
esmi
Probably because it hasn't been litigated yet. However the FTC has issued
warning letters to apps which use a similar technique.

[https://www.ftc.gov/system/files/attachments/press-releases/...](https://www.ftc.gov/system/files/attachments/press-releases/ftc-issues-warning-letters-app-developers-using-silverpush-code/160317samplesilverpushltr.pdf)

