235 apps attempt to secretly track users with ultrasonic audio

Ultrasonic beacons (previously, previously) let advertisers build an idea of when and where you use your devices: the sound plays in an ad on one device, and is heard by other devices. This way, they can associate two gadgets with a single user, precisely geolocate devices without aGPS, or even build graphs of real-world social networks. The threat was considered more academic than some, but more than 200 Android apps were found in the wild using the technique.

In research sponsored by the German government [PDF], a team of researchers conducted extensive tests across the EU to better understand how widespread this practice is in the real world.

Their results revealed Shopkick ultrasonic beacons at 4 of 35 stores in two European cities. The situation isn't that worrisome, as users have to open an app with the Shopkick SDK for the beacon to be picked up.

In the real world, this isn't an issue, as store owners, advertisers, or product manufactures could incentivize users to open various apps as a way to get discounts.

From the paper:

While in April 2015 only six instances were known, we have been able to identify 39 further instances in a dataset of about 1,3 million applications in December 2015, and until now, a total of 234 samples containing SilverPush has been discovered. We conclude that even if the tracking through TV content is not actively used yet, the monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future

Apparently it's not very effective—consumer speakers and mics aren't designed with ultrasonic use in mind and the authors say noise, audio compression and other factors "significantly affects the feasibility" of the technology—but the intent is clearly there on the part of advertisers and appmakers to make a stab at it. Annoyingly, there doesn't seem to be a list of the apps that are doing this, but there is a reference to a McDonalds app.

If an app asks for access to your device's microphone, camera, etc., and you don't know why, delete the app.

from Boing Boing http://ift.tt/2pCe8DF
via IFTTT

Share on Google Plus

About Unknown

This is a short description in the author block about the author. You edit it by entering text in the "Biographical Info" field in the user admin panel.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment