Your Android phone could be listening to ultrasonic ad beacons behind your back. The unwelcome news comes year after app developer SilverPush promised to quit using its (creepy!) eavesdropping software.
But it looks like the privacy-threatening technology — which can track users via an inaudible sound embedded into TV commercials — is more popular than ever. Researchers at TU Braunschweig, a university in Germany, discovered that 234 Android apps were created using SilverPush's publicly available software developer kit, as of January 2017.
The 'Abstract' section of the report noted that device-tracking software like this "enables spying on their habits and activities." It's certainly an increase on the creepy scale, considering only five apps like this were developed using SilverPush software in April 2015. Eek!
It sounds complex, but we'll break it down for you: Ads can have a sound "beacon" embedded in them that you can't hear — sort of like a commercial with some sub-sonic morse code which is played behind the track you're hearing.
Suppose the same company who put out the commercial also has an Android app — what happens then?
Well, when you install the app, it requests permission to access your microphone. You assume all is well with the Android world and tap either "Allow" on Android Marshmallow or higher, or "Accept" when installing it on Lollipop or lower.
Once installed, the app can run in the background, using the microphone to listen for that sub-sonic morse code. Essentially, it will realize when that commercial comes on and could potentially phone home ET-style to let the company know that the commercial reached its targeted audience: You.
However, our resident expert and Gadget Hacks editor Dallas Thomas isn't sure that this practice is "technically illegal in most places," which doesn't lessen the creepiness factor.
Erwin Quiring, a researcher on the case, told Ars Technica:
The example of SilverPush highlights how easily this technology can be used to spy on users. In this way, they can track the TV viewing habits of users precisely even with traditional broadcasting technologies. In our research paper, we identified three further privacy risks that can occur with this technology, e.g., tracking locations, behavior devices, and even the de-anonymization of Tor users.
Fear not, because spying in this way can be prevented for those devices running on Android Marshmallow or higher. But how can you do this? We're feeling generous today, so we'll tell you:
- Go to the "Apps" menu in Settings, then tap the gear icon.
- Head to "App permissions" or use the search function in Settings to find and select "App permissions."
- Select "Microphone."
- Disable the switch next to any app you think shouldn't have permission to access your microphone.
Aaaand voila: Apps will no longer be able to "hear" that sub-sonic audio beacon. So, can get on with your day, secure in the knowledge that your phone isn't acting as a supersonic secret agent to gather info on you. Yay!