Dystopian corporate surveillance threats today come at us from all directions. Companies offer "always-on" devices that listen for our voice commands, and marketers follow us around the web to create personalized user profiles so they can (maybe) show us ads we'll actually click. Now marketers have been experimenting with combining those web-based and audio approaches to track consumers in another disturbingly science fictional way: with audio signals your phone can hear, but you can't. And though you probably have no idea that dog whistle marketing is going on, researchers are already offering ways to protect yourself.
The technology, called ultrasonic cross-device tracking, embeds high-frequency tones that are inaudible to humans in advertisements, web pages, and even physical locations like retail stores. These ultrasound "beacons" emit their audio sequences with speakers, and almost any device microphone—like those accessed by an app on a smartphone or tablet—can detect the signal and start to put together a picture of what ads you've seen, what sites you've perused, and even where you've been. Now that you're sufficiently concerned, the good news is that at the Black Hat Europe security conference on Thursday, a group based at University of California, Santa Barbara will present an Android patch and a Chrome extension that give consumers more control over the transmission and receipt of ultrasonic pitches on their devices.
In Saks, no one can hear you(r phone) scream.
(Score: 2) by pkrasimirov on Saturday November 05 2016, @12:37PM
Am I supposed to have some shitty app running all the time on my mobile? How can it record these sounds AND report to the mothership?
(Score: 3, Informative) by bradley13 on Saturday November 05 2016, @12:43PM
Any app that has permission to listen to your microphone would be able to collect this data.
- Facebook comes immediately to mind - they sell out their users all the time, why not do so again?
- The various Google apps running on your phone could also track this data.
- Any random stupid game might, in addition to displaying adverts, also collect and sell this data.
tl;dr: No new app needed, there are already plenty of wide-open doors.
Everyone is somebody else's weirdo.
(Score: 2) by driven on Saturday November 05 2016, @01:39PM
What's an appropriate way to stop this, I wonder? One thought is Android could report on the amount of time an app used the microphone for. Sort by microphone usage highest->lowest, let the user decide what is legit usage, uninstall the app/revoke permission if necessary.
(Score: 0) by Anonymous Coward on Sunday November 06 2016, @02:10AM
What's an appropriate way to stop this, I wonder?
Enlist the services of a dog, or a teenager?
(Score: 2) by stormwyrm on Saturday November 05 2016, @01:42PM
Numquam ponenda est pluralitas sine necessitate.
(Score: 1, Informative) by Anonymous Coward on Saturday November 05 2016, @02:45PM
> An app that was doing this all the time would cause massive battery drain.
Don't count on it. How do you think modern phones are able to constantly listen for commands as in "hey siri" and "ok google?"
They have dedicated low-power chips for microphone data processing.
(Score: 4, Insightful) by BsAtHome on Saturday November 05 2016, @01:43PM
Most apps request (require) more access than they actually need to perform their primary and secondary functions.
Many apps implement a lot of stuff that has nothing to with the application as such. This is either down to lazy programmers who didn't put limits on (optimistic view), or by design to sneak in all things that the user does not want but must get to milk the user for every last bit of information (pessimistic view).
Please be reminded of the fact that Google, the Android pusher, is an advertisement company.
You yourself decide which category you, your device and its software falls into and how to act accordingly. Define which is the product... your phone, the app, or you.
(Score: 3, Interesting) by Sarasani on Saturday November 05 2016, @03:50PM
I once asked the developers of a popular open source Android based email client why their application requested something to the tune of 45 permissions when all the application was supposed to do is [1] access network [2] fetch/send email and [3] access the contacts list. The developers' response made a bit of sense ("we need it for these rather exotic/obscure functions, and also for future capabilities, but hey, at least you can look into the code -- it's open source!"). That was enough information for me to make up my mind: never installed the application and stacked it neatly on top of the "forget-about-it" pile. I guess I just didn't fit their "what-are-permissions" user profile.