Android apps are secretly listening in on millions of users, a new study has found.
The study, titled “Privacy Threats through Ultrasonic Side Channels on Mobile Devices”, was carried out by researchers from Brunswick Technical University in Germany and found that 234 Android apps contain a special type of code called SilverPush, that can track users without their knowledge via the microphone on their smartphone.
The apps are embedded with ultrasonic beacons and it these beacons which track users.
The beacons are used to track user habits and activities as a way of showing them more targeted advertising or as means in which to track their location, even when indoors without the use of GPS.
Some of the them have been discovered in the apps of well known companies, the study revealed.
“Several among them have millions of downloads or are part of reputable companies, such as McDonald’s and Krispy Kreme,” the researchers said.
The researchers also found that the most downloaded of the apps did not warn users of its listening capabilities.
“Device tracking is a serious threat to the privacy of users, as it enables spying on their habits and activities,” the researchers said.
“A recent practice embeds ultrasonic beacons in audio and tracks them using the microphone of mobile devices. This side channel allows an adversary to identify a user’s current location, spy on her TV viewing habits or link together her different mobile devices.”
“Our findings confirm our privacy concerns: We spot ultrasonic beacons in various web media content and detect signals in 4 of 35 stores in two European cities that are used for location tracking”.
“While we do not find ultrasonic beacons in TV streams from 7 countries, we spot 234 Android applications that are constantly listening for ultrasonic beacons in the background without the user’s knowledge.”
They added that users in the Philippines who had downloaded the McDonalds and Krispy Kreme apps were being tracked via the app. Each had been downloaded around 500,000 times, the study said.
The news comes after electronics giant Bose were found to be listening in on its users via a mobile app.
The app, which accompanied pairs of its wireless headphones, tracked the music, podcasts and other audio the user had listened too, Reuters reported.
If that wasn’t bad enough, the company was then accused of violating user privacy by selling the data it collected without permission.