PH fastfood Android apps embedded with ‘spying tools’ – researchers

May 25, 2017 - 5:17 PM
Android mascots are lined up in the demonstration area at the Google I/O Developers Conference in the Moscone Center in San Francisco, California, in this May 10, 2011 file photo. REUTERS/Beck Diefenbach

MANILA, PHILIPPINES | A research team in Germany recently discovered technology that can be used as a spying tool using apps emitting ultrasonic tones on mobile devices without the knowledge of the user.

In a paper titled “Privacy Threats through Ultrasonic Side Channels on Mobile Devices”, which was sponsored by the German government, researchers from the Technische Universitat Braunschweig have found 234 Android apps, including app versions distributed by fastfood services in the Philippines, were embedded with ‘spying tools’ that could violate an individual’s privacy.

“The researchers found coding from SilverPush, a San Francisco company that sells cross-device tracking software” on earlier versions of the fastfood apps distributed in the Philippines” in an email sent to CBS News. But both CBS and an earlier Wired article stated that “(it) doesn’t mean these apps have the function turned on, necessarily, but they are ready to support it at any time”.

Examples of different privacy threats introduced by ultrasonic side channels: (a) Ultrasonic beacons are embedded in TV audio to track the viewing habits of a user; (b) ultrasonic beacons are used to track a user across multiple devices. Graphics: Technische Universitat Braunschweig
Examples of different privacy threats introduced by ultrasonic side channels: (c) the user’s location is precisely tracked inside a store using ultrasonic signals; (d) visitors of a website are de-anonymized through ultrasonic beacons sent by the website. Graphics: Technische Universitat Braunschweig

The use of ultrasonic tracking beacons from mobile devices and other communication gadgets connected to the internet is said to “help create intimate profiles of people, tying them to a slew of devices communicating with each other through the beacons”.

Such devices can emit high frequency sounds, inaudible to humans but can be “heard” by the apps through the built-in microphone of a device, for example the mic on a mobile phone.

The ultrasonic beacons, the German research paper said, can track customers’ habits and send them targeted advertisements. And since the tool is also tracking the user’s location it could also be a tool to “identify anonymous users, including those using Bitcoin and Tor”.

Google, which confirmed the existence of the apps discovered by the researchers, said that the “(apps) have either been suspended or updated to meet the company’s privacy policies”.

Nevertheless, researchers from the Braunschweig University of Technology warned that “millions of users could still be under surveillance without knowing after they found that a sample of five of the 234 apps had been downloaded up to 11 million times.”