Researchers Caution Android Users About Spying Capabilities Of Apps

Researchers from the German Technical University of Braunschweig have issued a caution to Android users about the privacy concerns that apps might be posing on their phones.

They recently found over 200+ Android applications that contain code, referred to as Silverpush, which enables the device to listen for ultrasonic signals embedded in various media.

These apps are going to be constantly listening for inaudible sound (audio beacons) that might be hidden in the background of adverts, and the user will likely not even be aware of it.

It's alleged that a number of companies have started hiding these audio signals in their adverts for several years now. Mobile devices are going to be effective at spotting the signals but humans aren't able to perceive the ultrasonic signals consciously.

The researchers say that if these apps are installed on the device, then the phone could be used to establish the user identity across a number of devices, it could be used to track their location.

And they even suggest that for services like Bitcoin and Tor which most people expect a decent amount of anonymity when using, they say that the code in these apps could DE-anonymize those services.

Researchers also warn that the apps doesn't notify the users of the capabilities, so they aren't likely to be aware of the extra possibility for device tracking because of the app that they have installed. The researchers say that these apps pose a serious threat to the privacy of users, allowing an unprecedented level of spying when it comes to possibly monitoring their daily habits.

Ultrasonic beacons were spotted in various media content and they were able to detect signals in at least 4 out of 35 stores in two cities in Europe. They didn't find any ultrasonic beacons in TV streams they say, from at least 7 different nations. Two companies that they did name which they suggest are using apps that enable this sort of spying, were McDonald's and Krispy Kreme.

When it comes to solutions, they propose:

  • filtering out frequencies that are above 18 kHz in the transmitted audio signal
  • scan for applications for their known functionality of possible ultrasonic side channels
  • set more control over audio recording

The researchers say that their study and resulting paper are an important first step that is being taken against the emerging privacy threat posed by ultrasonic tracking.

With this sort of technology, someone is able to monitor television viewing habits, track the individuals location, and more. They say that a side channel attack to things like Bitcoin will be made possible with this sort of tracking. McDonald's has reportedly responded in saying that they don't use this technology with the UK market. No word yet from Krispy Kreme.

Pics:
Pixabay
TheAtlantic
TheSun
Source:
http://fortune.com/2017/05/07/android-listening/
http://www.independent.co.uk/life-style/gadgets-and-tech/news/android-apps-beacons-tracking-users-inaudible-sound-hidden-adverts-ultrasonic-audio-privacy-phones-a7723871.html
https://www.sec.cs.tu-bs.de/pubs/2017a-eurosp.pdf
https://www.thesun.co.uk/tech/3507251/secret-messages-hidden-in-television-adverts-can-order-smartphones-to-spy-on-people-researchers-warn/

Sort:  

Right, privacy is really an important topic and users of Android or iOS or any device should know what permissions each app is requesting and how it is using that permissions.

Key things to remember:

  • Don't install apps just because they promise you something "for free". E.g. many apps access your Contacts list when they don't need to, simply because many people agree to it without thinking about the danger.
  • Check the permissions you give to any apps you do install and switch off anything that you don't think they ought to have. On Android phones: Settings > Application Manager > Select the app > Permissions > then switch off anything you don't think the app deserves to have or needs to function. In the above case, the apps presumably use the microphone, so switching that off will stop the ultrasonic tracking.
  • For other general privacy tips for iPhone and Android (and other systems), you can go to advice given by DuckDuckGo, the privacy-oriented search engine creators: https://spreadprivacy.com/privacy-tips/home

Oh, goody...one more thing to worry about.

This is alarming....

Thanks for this informative post!

Another very informative post buddy. Too many people are happy to enjoy the positive sides of these new technologies without ever even contemplating the negatives or worse still, being aware of the negatives and working on the basis that it has no affect on them now and will not affect them in future. With the way things are going these days it is possible that something which is perfectly acceptable one day may become unacceptable the next so whilst people may say that if you aren't doing anything wrong you shouldn't have anything to worry about, they may find that tomorrow something they feel is okay today will become not okay and they will be liable to face the consequences under their own accepted doctrine.

There are too many of us unfamiliar with books such as 1984 and the tele-screens mentioned within and with the all pervasive use of technology to control our modern lives and direct our patterns of thought and social consciousness. Unfortunately at this time there are too many more still who simply do not care because they do not see it having a direct affect on their lives.

thanks for the post!

Amazing we are able to manipulate ads on the ultrasonic level but we can not cure hunger.

we dont want people stealing your bitcoins! use bitcoin armory!

I realy like how steemit lets me power up and the power downKEEPS hackers from ever being able to take a DIME from my steemit because i use it everyday and if someone hacked in to a steemit account that was fully powered up in steem power, the hacker would have to stay on yiru account for a whoel week and then only get a fractionof yoru steempower! and so u would have to ignore ur steemit account for a whole week and teh hacker would have to be on there 14 weeks to gete evrything!

You shoudl all be used https://www.bitcoinarmory.com/ for paper wallet storage, and multisig and you need to realize a hacker can look at your printer cache if u print out paper bitcoin wallets from bitaddress.com !

yup I already posted this 2 days ago and yet I only got a $1 and you get $148..........whatever, at least you should all check mine out, I feel I deserve some of your upvotes since I posted this story but 2 days before this! https://steemit.com/technology/@ackza/uxdt-tech-allows-ultrasonic-beacons-from-ads-to-be-picked-up-on-smartphone-mics-and-track-users-even-finding-bitcoin-users-using I feel I should get some of your attention because my article was 2 days before yours ;) what do u say? wanna help me out with some upvotes? I evenedited this comment to be alot nicer lol i was at first like HEy u OWE me some of that steem! And then i was like, can i HAVE some of that steem and theni was like no that sounds too nedy, how about I just ask for some upvotes and some attention? lol i think u will enjoy my feed ii only try to post unique things and no filler