Hundreds of Android Apps Track Users Through Ultrasound Beacons

It is never good to learn Android applications pose a security and privacy risk to users right now. A total of 234 apps have been discovered, all of which use ultrasonic beacons to track user activity. That is quite a troublesome development, as it this development poses a serious risk to maintaining user privacy. The discovery was made by researchers at the German Brunswick Technical University.

Android Apps Tracking Users Are Bad

It is to be expected the Android ecosystem is home to some nefarious applications as more time progresses. What no one saw coming, however, is how 234 apps are effectively using ultrasonic beacons to track users and their environment. To be more specific, these apps make use of ultrasound cross-device tracking techniques, a trend that has become rather popular over the past few years.

Ultrasound cross-device tracking – or uXDT – has become a popular tool among advertisers looking to track users as they switch between devices. In most cases, the ultrasound beacon is embedded within advertisements. Once the ad plays on traditional or online platforms, it emits an ultrasound picked up by the microphone of nearby electronic gadgets. Laptops, computers, mobile devices, and tablets can all pick up this sound.

Any application installed on the device picking up the ultrasound beacon will relay the signal back to the advertiser. This signal confirms said user is the potential owner of the devices linked together by this particular beacon. A very interesting technique to track users, although one that has little chance of success unless the user installs an application on their mobile device capable of sending and receiving such an ultrasound signal.

This is where this recent discovery comes into the picture. A total of 234 Android apps has been discovered, all of which contain the necessary SDK to relay these beacons to advertisers. Since Android is by far the largest mobile ecosystem, that outcome is not entirely surprising. The bigger question is whether or not consumers should be aware of this problem, and more importantly, how they can protect themselves from being tracked.

It is important to highlight the growth of uXDT-capable applications as part of the Android ecosystem as of late. In April of 2015, a similar scan was conducted. At that time, only 6 applications appeared to contain uXDT capabilities. However, that number had already increased to 39 in December of 2015. It is evident advertisers are looking to use this technology a soften as possible to successfully track users at all times.

What is even more disconcerting is how quite a few of these “malicious” applications have been downloaded several million times. Things only get even worse when discovering some of the apps belong to major retail chains with a worldwide presence, including McDonald’s. Then again, these applications are not doing anything illegal, even though they may not inform users of how they emit the ultrasound beacon for tracking purposes either.

That does not mean uXDT is not a threat, though. This technique can be used to deanonymize Tor users, assuming it is applied correctly. Users can protect themselves against this problem by not giving applications permissions they do not need. A McDonald’s app does not need access to your microphone or camera by any means. From a privacy point of view, this news is very troublesome. However, advertisers will find new ways to track users regardless of people trying to block uXDT from being successful.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.