More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising.
Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their research into the practice of using these beacons to monitor a consumer’s shopping and possibly television viewing habits in order to serve them relevant advertising. The researchers raise a number of privacy concerns about such tracking, and how adversaries can abuse it to deduce a person’s physical location, and even theoretically de-anonymize their use of the Tor browser or crytocurrency such as Bitcoin.
“Recently, several companies have started to explore new ways to track user habits and activities with ultrasonic beacons,” researchers Daniel Arp, Erwin Quiring, Christian Wressnegger and Konrad Rieck wrote in “Privacy Threats Through Ultrasonic Side Channles on Mobile Devices.” “In particular, they embed these beacons in the ultrasonic frequency range between 18 and 20 kHz of audio content and detect them with regular mobile applications using the device’s microphone.”
The mobile user has no knowledge this is happening; the researchers found this behavior in 234 Android apps, up from 39 in 2015.
The researchers analyzed 140 hours of media data from TV streams and audio content. Four of 35 stores visited in two European cities used beacons for tracking, they wrote. While no TV streams included these beacons, the researchers believe it’s only a matter of time before this technology is used in commercials and marketers can track a user’s viewing habits. These beacons can also be used to link those habits to a mobile device.
“We conclude that even if the tracking through TV content is not actively used yet, the monitoring functionality is already deployed in mobile applications and might become a serious privacy threat in the near future,” the researchers wrote.
The paper presents a means for detecting these beacons, as well as a study of three mobile applications that listen for them: Shopkick, Lisnr and SilverPush. Shopkick, for example, has a number of commercial partners and offers users targeted rewards as they’re walking through a merchant’s door.
“In contrast to GPS, loudspeakers at the entrance emit an audio beacon that lets Shopkick precisely determine whether the user walked into a store,” the researchers wrote.
Other apps such as Lisnr and Signal360 get location-specific content from the beacons, including coupons and vouchers.
“Once the user has installed these applications on her phone, she neither knows when the microphone is activated nor is she able to see which information is sent to the company servers,” the researchers wrote.
Silverpush, meanwhile, could accelerate the adoption of these beacons in television commercials; the developers have filed a patent for this purpose, allowing the app to track a user’s viewing habits.
“In contrast to other tracking products, however, the number and the names of the mobile applications carrying this functionality are unknown,” the researchers wrote. “Therefore, the user does not notice that her viewing habits are monitored and linked to the identity of her mobile devices.”
The paper singles out a number of privacy threats posed by these beacons. In addition to linking identities to viewing habits, such media tracking could also expose a person’s political leanings or other personal preferences.
Adversaries can also abuse these beacons and learn about multiple devices linked to the same individual, facilitating targeted attacks, for example. The technology also allows for location tracking without the need for GPS.
The researchers also caution that the side-channel could also disclose a relationship between an individual’s Bitcoin address and their mobile phone, or similarly link usage of the Tor browser to a device.