
More Android phones than ever are covertly listening for inaudible sounds in ads - djsumdog
https://arstechnica.com/security/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/
======
izacus
ArsTechnica unfortunately again misleads people due to limited expertise.

On modern Androids (6.0+) accessing the microphone requires an explicit
permission granted by the user (just like on iOS). Furthermore, due to Doze mode
implemented in 6.0 and expanded in 7.0, running these kinds of services without
notifying the user clearly (with a permanent notification) has become pretty much
impossible and unreliable. To run in the background when the phone isn't in active
use the service needs to be marked "Foreground" which demands a permanent
notification.

Having said that - Google is failing here in several ways. First, they STILL
let apps be published that don't target Android 6.0. Apps that target older
Androids get permissions granted at install time (those can be revoked, but
the user needs to go to settings for that). There's no reason to let people
publish new apps that don't adhere to the new permission model, but Google just
doesn't care.

They also need to clearly mark use of system resources in the background -
just like we have the GPS icon, we need a clear indication of active
microphone, speaker and other hardware modules while running in the
background.
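
The grant rule described in the comment above, together with the device-version point raised elsewhere in this thread, as an added example that is not part of the original discussion: a Python check over `aapt dump badging`-style text that reports whether an app receives the microphone permission at install time or through a runtime prompt. The sample output and package names are constructed, and treating an undeclared targetSdkVersion as equal to minSdkVersion is the manifest default assumed here.

```python
import re

RUNTIME_PERMISSION_API = 23  # Android 6.0, where runtime permissions begin
MIC = "android.permission.RECORD_AUDIO"

# Constructed `aapt dump badging`-style output; package names are hypothetical.
SAMPLE = {
    "legacy.apk": "package: name='com.example.legacy'\nsdkVersion:'16'\ntargetSdkVersion:'22'\n"
                  "uses-permission: name='android.permission.RECORD_AUDIO'\n",
    "modern.apk": "package: name='com.example.modern'\nsdkVersion:'16'\ntargetSdkVersion:'25'\n"
                  "uses-permission: name='android.permission.RECORD_AUDIO'\n",
    # No targetSdkVersion line, and the older permission line format.
    "notarget.apk": "package: name='com.example.notarget'\nsdkVersion:'14'\n"
                    "uses-permission:'android.permission.RECORD_AUDIO'\n",
    "nomic.apk": "package: name='com.example.nomic'\nsdkVersion:'21'\ntargetSdkVersion:'25'\n"
                 "uses-permission: name='android.permission.INTERNET'\n",
}

def parse_badging(text):
    """Pull package name, SDK levels and permissions out of badging text."""
    info = {"package": None, "min_sdk": 1, "target_sdk": None, "permissions": set()}
    for line in text.splitlines():
        if m := re.match(r"package: name='([^']+)'", line):
            info["package"] = m.group(1)
        elif m := re.match(r"sdkVersion:'(\d+)'", line):
            info["min_sdk"] = int(m.group(1))
        elif m := re.match(r"targetSdkVersion:'(\d+)'", line):
            info["target_sdk"] = int(m.group(1))
        elif m := re.match(r"uses-permission:\s*(?:name=)?'([^']+)'", line):
            info["permissions"].add(m.group(1))
    if info["target_sdk"] is None:  # undeclared target falls back to minSdkVersion
        info["target_sdk"] = info["min_sdk"]
    return info

def mic_grant_mode(info, device_api):
    """How RECORD_AUDIO is granted to this app on a device at device_api."""
    if MIC not in info["permissions"]:
        return "not-requested"
    if min(device_api, info["target_sdk"]) < RUNTIME_PERMISSION_API:
        return "install-time"  # granted with the install, no prompt at use
    return "runtime-prompt"

def audit(badging_by_apk, device_api):
    return {apk: mic_grant_mode(parse_badging(text), device_api)
            for apk, text in badging_by_apk.items()}

if __name__ == "__main__":
    for api in (25, 19):  # Android 7.1 and 4.4 devices
        print(api, audit(SAMPLE, api))
```

On a pre-6.0 device every app that requests the microphone is reported as install-time, whatever it targets.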

~~~
cwyers
Nearly 2/3rds of Android phones that have accessed the Google Play store in
the week leading up to May 2nd are not on Android 6 or later:

[https://developer.android.com/about/dashboards/index.html](https://developer.android.com/about/dashboards/index.html)

~~~
izacus
I'm not sure what your comment is trying to say - TARGETING a new API
doesn't mean you don't SUPPORT an older API. It just determines backwards
compatibility behaviour. We currently release a product that supports Android
4.1 while targeting Android 7.1.

Also this dashboard is hugely misleading for the HN audience - in western
audiences (USA, Canada, EU, etc. - countries HN users are from) we're tracking
~10% devices that are running Android 4.x and more than 40% devices running on
Android 6.0 with additional 15% on 7.x - meaning more than half of active
western users are running decently modern Android.

~~~
cwyers
What it's trying to say is that this can be a big problem even if it doesn't
affect Android 6 and up. Your own statistics say it can affect up to 45% of
Android users.

~~~
izacus
I completely agree. The Android upgrade situation is a huge and rather well
known issue.

~~~
pjmlp
Not to Google, as they don't care.

Now with Android N reaching 7%, one year later, who do they think will even
bother with Android O?

~~~
on_and_off
I work on a large Android app and we do bother with Android O.

As soon as the sdk will be final we will think about compiling against it and
targeting it.

We are not in a huge hurry, it can skip a release or 2 (we release every 3
weeks). There are no big breaking changes though (unlike let's say
Marshmallow) so as long as the support lib is stable (it needs to match with
compile version) we are going to support it ASAP.

We also have some N features like shortcuts.

~~~
pjmlp
How many customers do you feel will have devices with Android O, given Android
N is around 7% after one year?

~~~
on_and_off
It goes further than that.

First, that 7% figure is the whole Android (with play services) user base,
numbers are pretty different on the dashboard of our general public app.

Secondly, we will start by compiling for O: the support libraries are only
tested for their corresponding compile version. That way we will be able to
use new support lib features on all Android versions.

Then, we will target O (probably in the same release of the app). It should be
pretty trivial : this is not marshmallow with the new permission system,
system level changes in O are manageable.

For clarification, the build script of an android app separates compile
version (= binary compatibility) and target version (= you handle the new
behaviors of the system like granular permission in M)

By targeting O ASAP we:

- are potentially able to ship some features based on this release, like
shortcuts for N. Sure, we are not going to spend a lot of dev time on an
O-only feature right now but there are some easy wins. And of course the
install base does not stay small for very long.

- are able to detect potential problems before OEMs start launching flagships
with that Android version and we get millions of crashes / day.

There is really no good reason to stay behind.

------
macawfish
I've become totally superstitious (convinced, even) that phones are listening
to more than just ultrasound. There have been too many uncanny situations
where youtube or google have recommended results that were far too specific to
the conversation happening moments before. For example, one time I was telling
my girlfriend about fourier transformations, something she'd never heard of
before. She typed "Fo" into her phone. "Fourier transformation" it suggested.
Maybe this was due to the IP address we were connected through. That alone is
creepy enough as it is. Sometimes I wonder if it isn't something more though.

Facebook messenger and google voice search are my number one suspects. But
moreso, all it takes is a single person in a room full of phones to have
installed an app that's using the microphone unethically, and suddenly
everyone's conversation is being turned into marketing/spy data. Anybody who's
connected somehow to that location is going to be statistically associated
("implicated") with this data.

~~~
scottlegrand2
No common friends, but college girlfriend recommended as potential friend on
Facebook is my creepiest data mining moment ever.

~~~
H4CK3RM4N
I think that works based on location. A few years ago there were reports of
people who shared a psychiatrist being recommended to each other, based on
their frequent visits to the office.

------
mistermann
I'd like to be able to find an Android utility that shows me apps/processes
that are auto-launching in the background and kill them, but my last attempt
yielded two that I tried and blacklisted (a feature it has) some apps, yet
after booting I was still able to force stop them, implying they still had
launched on their own.

Is there any app that actually works for this, or is it somehow not possible?

~~~
baobrain
Not sure if it's exactly what you're looking for, but greenify might do the
trick. You might need root.

Also Android now has the doze feature that should hibernate apps by default
when not used.

[0] [https://play.google.com/store/apps/details?id=com.oasisfeng.greenify](https://play.google.com/store/apps/details?id=com.oasisfeng.greenify)

[1] [https://forum.xda-developers.com/apps/greenify](https://forum.xda-developers.com/apps/greenify)

~~~
Markoff
that's quite an amusing suggestion considering Greenify is a closed-source Chinese
root app which optionally (only?) reports data back to mainland China, and the dev
worked for some companies producing shady apps before, according to his LinkedIn
profile

~~~
voidz
Could you back this up / substantiate your claim, please?

~~~
Markoff
there is an option to send some statistics data back to the developer, it's opt-in

I am not saying he is actually sending some other data without permission of
the user, but being a closed-source Chinese ROOT app is more than enough to stay
away from it in days of Nougat/Marshmallow making this app pretty much useless
anyway.

------
phreack
This is the work of a library used by certain apps, not of Google (although it
wouldn't surprise me if Google turned out to be doing the same, discreetly). I
think Android should have way clearer notifications that your mic or camera
are being used in the background, like iOS does, even if it may be cumbersome.

~~~
bryanatwood
Yes there should be an icon when your mic is active. I tried to build a
service in Android to do this but there's no API to get whether the mic is in
use or not AFAIK. I ended up disabling mic access for almost all apps, but the
Google App and Google Play Services complain when you do this.

~~~
CoolGuySteve
I'd go even further and light the notification LED the entire time something
is reading the camera/mic from the firmware (such that applications can't
disable it via software). The indicator works well for the webcams on most
laptops.

~~~
Grazester
Notification LED? A majority of phones (in the US) don't come with this and the
ones that do need root permission to access it.

~~~
lemuurd
you are correct, but this was mostly brought up for historical reasons:
researchers discovered an osx malware that after disabling the camera LED on
older macbooks could secretly record the owner.

------
oneshot908
Between this and the recent research paper I read about using the front-facing
camera on mobile phones to track where I'm looking on web pages, I just want
to unplug.

------
jameslk
There's an app called D-Vasive (no affiliation) that alerts of mic and camera
usage on your phone. I've been using it for years, but it's only alerted me in
predictable situations so far. I don't download a whole lot of apps however.
It’s nice to have as a bit of peace of mind.

------
rubatuga
Why does android trust developers so much? Just lock down the apps already,
and make microphone usage obvious.

~~~
vetinari
Android doesn't trust developers. It trusts users - everything has to be
disclosed and users have to agree. It is an open platform, not a walled garden.

We have a
[https://en.wikipedia.org/wiki/Dancing_pigs](https://en.wikipedia.org/wiki/Dancing_pigs)
problem there.

~~~
rubatuga
Thanks for that, it seems to explain most of the problems security faces
today. It's similar to how social engineering works, for example, even if
someone was told that plugging in a dropped USB stick is dangerous, they may
still do it because of the burning curiosity inside. (I myself would take a
peek, at least on a sandbox or VM.)

------
terminado
Is it possible to damage human hearing with sufficiently loud pulses above
20Khz?

Most search results point to a minuscule wattage delivered by typical
ultrasonic noises, but controlling for wattage, I feel like it might be
possible to overdrive a high-frequency pulse to deliver more wattage in the
same range.

Also, relevant:
[https://en.wikipedia.org/wiki/Cinavia](https://en.wikipedia.org/wiki/Cinavia)

~~~
amelius
I don't know but I would say that if the ear does not pick up the energy above
20khz, then it cannot be harmed either.

~~~
joshvm
Your eyes are also unable to see infrared, or ultra-violet, yet either with
sufficient power will blind you. In fact it's often much more dangerous than
visible light, because the light won't trigger your blink reflex.

Sound is just vibration in the air, and if the pressure is high enough, you're
going to suffer. High frequency ultrasound is used for various medical
treatments, most of which involve localised killing of cells.

[https://en.wikipedia.org/wiki/High-intensity_focused_ultrasound](https://en.wikipedia.org/wiki/High-intensity_focused_ultrasound)

~~~
thaumasiotes
>> I would say that if the ear does not pick up the energy above 20khz, then
>> it cannot be harmed either.

> Your eyes are also unable to see infrared, or ultra-violet, yet either with
> sufficient power will blind you.

Sufficient power delivered by IR radiation can easily set you on fire,
regardless of whether the part of you that's burning was sensitive to light or
not. And UV can do much nastier things.

But it's hard for them to have any effect without depositing energy. It's
absolutely correct that if an ear, or anything else, doesn't pick up energy
from whatever you're throwing at it, it cannot be harmed.

Why worry about hearing specifically as a target for ultrasonic damage? As you
yourself point out, sound can deposit energy regardless of the particular
physical structure it's hitting. Delivering enough IR to the ear will destroy
your hearing, but not because of any property of your hearing or your ears. Is
there reason to believe that ears or hearing are more sensitive to ultrasound
than, say, your nose is?

------
beejamin
Is there any legitimate need for a phone mic to pick up sounds way outside the
range of human speech and hearing? If this sort of thing should not be
allowed, why not just add a software low-pass filter in the front of the audio
input chain? What would the side effects of this be?

------
xenithorb
I wonder what it would take to make an app that does this exact thing and
listens in order to hook into whatever and prevent malicious apps from
beaconing. Also seems useful in order to see if there are any such ads out in
the wild yet.

------
swop
Found some more details on this technology.

[https://github.com/MAVProxyUser/SilverPushUnmasked](https://github.com/MAVProxyUser/SilverPushUnmasked)

------
nom
I wouldn't be surprised if Google, Apple or Amazon are doing (or going to do)
something similar. It doesn't create much traffic at all, a couple of bytes is
enough and they can be tacked on to the data stream without anyone noticing.

Someone should build an ultrasonic detector that can recognize these kinds of
packets and have a look how widespread this technique already is. We could
also need an ultrasonic jammer and ways to add low pass filters to our mics,
like some special tape we can place over it to absorb the high frequencies...
maybe normal duct tape is already enough.. hmmm

~~~
irq
Apple would never do something like this. It's totally against their MO.

~~~
EliRivers
Apple is made of people. People who change, people who come and go. Maybe
Apple today wouldn't, but tomorrow Apple will be a different company.

~~~
p49k
Apple's OS design philosophy makes this extremely difficult, even if someone
wanted to sneak it in. The OS notifies of such activity (mic active) on a
system level, and the permission model requires explicit permission at time of
first access attempt, even for most of Apple's own apps.

~~~
swiley
How could you know this though? There's no source code to audit or anything.

