Researchers in Germany discovered the presence of privacy-threatening software on 234 android apps, almost a year after the developer vowed to kill it, Ars Technica UK reports.
The software, created by app developer SilverPush, uses inaudible sound embedded into TV commercials to secretly track phone users.
"The example of SilverPush highlights how easily this technology can be used to spy on users," Erwin Quiring, one of the researchers from the Technische Universitat Braunschweig, wrote in an e-mail to ARS Technica. "In this way, they can track the TV viewing habits of users precisely even with traditional broadcasting technologies. In our research paper, we identified three further privacy risks that can occur with this technology, e.g., tracking locations, behavior devices, and even the de-anonymization of Tor users."
The paper, titled "Privacy Threats through Ultrasonic Side Channels on Mobile Devices," was published at the 2nd annual IEEE European Symposium on Security and Privacy and presented last week in Paris.
The SilverPush software allows TVs to communicate with your smart phone through a beacon signal with frequencies ranging from 18kHz to 20kHz, a range inaudible to most humans but able to be reliably detected by most phone microphones.
The audio beacon enables companies like SilverPush to know which ads the user saw, how long the user watched the ad before changing the channel, along with other information. Marketers could also track the whereabouts of shoppers as they moved throughout a department store and "promoters using other companies' audio-beacon technologies could use them to push ads or coupons to people who are near a certain store or service," according to Ars Technica.
SilverPush founder Hitesh Chawla said the finding surprised him.
"We respect consumer privacy and would not want to build our business foundation where the privacy is questionable," he told Ars. "Even when we were live, our SDK was not present in more than 10 to 12 apps. So there is no chance that our presence in 234 apps is possible. Every time a new handset gets activated with our SDK, we get a ping on our server. We have not received any activation for six months now."
© 2024 Newsmax. All rights reserved.