234 Android Applications Are Currently Using Ultrasonic Beacons to Track Users

Zarathustra[H]

Extremely [H]
Joined
Oct 29, 2000
Messages
40,013
Back in 2015 we reported of a new tracking technology, where advertisers could use ultrasonic transmissions in locations, radio, TV broadcasts, music and apps, picked up by your phone, in order to tie your user account on your phone to these locations/sounds, collecting even more data about you than they already do. Back then we reported that companies with names including SilverPush, Drawbridge, and Flurry were working on ways to pair a given user to specific media and devices. Well, now it is reality. A research paper recently published by a team of researchers from the Brunswick Technical University in Germany indicates that 234 Android apps now have been found that use this technology. The names have changed somewhat (now it's Shopkick, Lisnr, and SilverPush) but they appear to have advanced this technology to the point where it is now widely adopted.

uXDT streams have been found in retail stores and in Android apps, but thus far none have been found in TV broadcasts. This research appears to mainly have been conducted in Europe, though, so we do not know to what extent the technology may have been deployed in the U.S.

Personally, I find this highly disconcerting. In theory I don't mind being tracked anonymously for advertising purposes, but real life is not purely theoretical. The number of ways in which user data can be compromised and abused is staggering, and that only grows as we have less and less of an understanding of who is collecting it, how and when. As was found 10 years ago, just because data has been scrubbed of identifying tags, doesn't mean it is always entirely anonymous. I can't help but feel like the assault on privacy is starting to reach a breaking point.

This number is up from previous scans. For example, a scan of the same data set in April 2015 found only 6 apps using uXDT beacons, while another scan in December 2015, found 39 apps.

The jump from 39 to 234 is staggering, to say the least, especially since some of these apps have millions of downloads and belong to reputable companies, such as McDonald’s and Krispy Kreme.
 
It's not ok but who is going to stop these people from doing it? People seem to think they "NEED" their phones at all times now, and they just don't care what's going on in the background as long as they can see what Kim Kardashian thinks about Ellen's latest episode where she interviews Tom Hanks about his latest movie (The Circle). Funny how that all ties in together and yet go's over among the young and clueless.
 
Maybe that is the reason why iOS is pretty darn restricted ?

Android N is already having the permission on demand restriction, but if you compiled with older SDK, you still able to bypass it.
Google is already on the clean up process. Pretty sure the number is gonna start to decrease as user questions why McDonald apps is using microphone permission.
 
It's likely the McDonalds app is in part targeted at kids. This does seem like it could violate several kid privacy protections. Wonder if the CEO of McDonalds would like to explain to a public Senate hearing why McDonalds feels it needs to spy on kids? And what does Krispy Kreme plan on doing with data on what people watch in the bedroom. Debby Does Donuts anyone?
 
If I understand correctly this needs serious complicity from the broadcasters, maybe even constitute as a criminal offence to embed secret tracking signals in otherwise benign signals.
 
A few years ago, I saw some demonstrations of this in a retail environment, along with many other things. Some of it's downright creepy as fuck. The app runs in the background, they had cameras (Kinect) that knew where you were looking on the shelf and what products you picked up, where in the store you were (using that ultrasonic beacon), face recognition, phone identity (MAC address matches, so they know 'you'), etc.. It was a proof of concept, show-off thing, so they did do a lot of things that wouldn't be implemented. But, some is. Like the ultrasonic thing.
 
Why do the researchers bother to write the report without including the list of offending apps?

Yeah, I'm pretty disappointed the list was not included in the paper.

I'd uninstall any app that had this immediately.
 
It's part of the reason I only keep a limited number of essential apps on my phone. If I don't use it it gets taken off. Go clean out your phones guys. If you haven't used it in a month delete it. It only takes seconds to add it back if you need again in the future.
 
  • Like
Reactions: nysmo
like this
It's part of the reason I only keep a limited number of essential apps on my phone. If I don't use it it gets taken off. Go clean out your phones guys. If you haven't used it in a month delete it. It only takes seconds to add it back if you need again in the future.
I would not be surprised if uninstalling the APP didn't remove the background services that it installs
 
Those old school tinfoil hat guys are sounding less and less crazy every day.

As I happen to be one of those old school tinfoil hat guys that was utilizing some Van Eck tech many decades ago, thank you. ;)
 
Google is already on the clean up process. Pretty sure the number is gonna start to decrease as user questions why McDonald apps is using microphone permission.

Google will do as little as possible to combat this while maintaining market share. Their entire business model is based on covert spying.
 
i cant figure it out. does it work even if the phone screen is "off" why would the mic neede to be turned on for that to begin with ?
 
i cant figure it out. does it work even if the phone screen is "off" why would the mic neede to be turned on for that to begin with ?

The screen is usually off when the phone is up next to your head during a call, and digital assistants (Siri, S voice, etc) need to have the mic working when the screen is off as well so they can listen for whatever activates them.
 
Those old school tinfoil hat guys are sounding less and less crazy every day.

Did they? Even the greatest lie contains a bit of truth. IMO, I watch carefully with such "tin foil" things, but in all logical sense-if there ever can be any-is that something had to start the fire for the smoke to be seen by someone. There have been many lies to the people that have had major consequences but we were told it is fine, safe, and even good for us. Pesticides and lead are great examples that add to the controversy. How about body, hand soaps, and toothpaste that has triclosan which causes DNA damage and colonization of resistant bacteria. It has an absolute affect to the microbiota of an individual in such a manner that is never "good for you." If they are willing to go that far then what else are they willing to do and say; and even make you have to do to achieve "their" means?

So, tracking...hmn. How far are they willing to go because meta-data is the new currency?
 
Last edited by a moderator:
It's part of the reason I only keep a limited number of essential apps on my phone. If I don't use it it gets taken off. Go clean out your phones guys. If you haven't used it in a month delete it. It only takes seconds to add it back if you need again in the future.
This is what sucks, I'm also an "app minimalist", but recently decided to add a couple of games after flashing a new rom. I have a gaming rig at home so mobile games don't interest me much at all but these looked cute... BAM, both of them start spamming notifications after a few days of inactivity begging me to play some more, which means they have been idling in the background consuming resources to keep a clock running on my device. Fastest uninstall ever.
 
Would it not be possible to write an app that listens for these signals and then uploads their location, including the name of the offending retailer, to a website for all to see and potentially boycott?
 
Would it not be possible to write an app that listens for these signals and then uploads their location, including the name of the offending retailer, to a website for all to see and potentially boycott?

This sounds like a brilliant idea!

I wish I had the programming skills to make it happen!
 
It's part of the reason I only keep a limited number of essential apps on my phone. If I don't use it it gets taken off. Go clean out your phones guys. If you haven't used it in a month delete it. It only takes seconds to add it back if you need again in the future.

oh.. if only. i tried to clean up my the other day and there were lots of apps i could not uninstall, like uber and other shit

that annoyed me
 
Walk round with one of those ultrasonic cat scarers on all the while.
 
oh.. if only. i tried to clean up my the other day and there were lots of apps i could not uninstall, like uber and other shit

that annoyed me


Hmm UBER uninstalls just fine on mine. On my LG G4 I was able to uninstall everything pre-installed by LG but the LG Backup app. The Google stuff I just disable what I don't use.
 
Hmm UBER uninstalls just fine on mine. On my LG G4 I was able to uninstall everything pre-installed by LG but the LG Backup app. The Google stuff I just disable what I don't use.

on my samsung galaxy s5 active, i can disable the app, which uninstalls updates and reverts it to factory default install. but its not a complete uninstall as the app is still there in app manager, but showing disabled.
 
on my samsung galaxy s5 active, i can disable the app, which uninstalls updates and reverts it to factory default install. but its not a complete uninstall as the app is still there in app manager, but showing disabled.

Looks like Samsung did a deal with UBER to bake it in.
 
The screen is usually off when the phone is up next to your head during a call, and digital assistants (Siri, S voice, etc) need to have the mic working when the screen is off as well so they can listen for whatever activates them.

I did explain myself badly there. i mean wants its gone into "idle mode" due to inaktivite. not just he screen is off.
 
This really sucks....
I wish there was more transparency in general mobile apps. My pet hate is seeing that huge list of permissions and not knowing EXACTLY why that apps needs them.
Most are easy enough to guess even if they seem invasive at first glance, but this is next level subterfuge.

I wonder what goes through the mind of developers who are driving this stuff. Almost anyone I know would refuse on principle alone given how pervasive data collection is already.
 
So let me get this right.

In the old days, TV remotes used ultrasonic transducers to transmit a signal to the TV for remote control, which was actually far more effective at controlling TV's via remote, as control wasn't limited to direct line of sight as is the case with IR. So if what I'm reading here is correct developers are now using ultrasonics to transmit user data back to an ultrasonic receiver as such data transmission doesn't require the approval of the phone user? Is that how the technology works? Like an ultrasonic receiver network of sorts?

Because I've never seen any ultrasonic receivers mounted on walls/ceilings in retail outlets?
 
I don't doubt this, have you taken a look at kids toys these days and Cartoon Network? Things like Lego Exo nights, "Collection" apps like The Magimobile app and others. They tell when when to open the app to collect but the who says when they stop? There is no visual code and someone who isn't participating all they know is there is an icon on the screen. I haven't seen if the Archer companion app is similar.
 
Back
Top