Privacy

by Karl Bode


Filed Under:
apps, audio becaons, ftc, isps, tracking beacons, tv

Companies:
silverpush



Silverpush Stops Using Sneaky, Inaudible TV Audio Tracking Beacons After FTC Warning

from the tread-carefully dept

ISPs and cable companies already track and sell your online behavior, your location data, and effectively everything you do on the Internet (to the second). Now broadcasters and app developers are cooking up a new technology that uses so-called "smart audio beacons" emitted during television programs to help track user viewing habits. These tones, inaudible to the human ear, are picked up by applications which use your smartphone or tablet microphone to listen and record them. That data can then be used to build a profile that potentially matches your existing online data with your viewing habits.

While the technology appears to currently only be in use overseas right now, the FTC felt the need to issue a press release recently warning companies using the technology that they too are being watched. The warning accompanied a letter the FTC sent to 12 app developers (pdf) that informs devs that if they use the technology and don't inform consumers, they're potentially violating Section 5 of the FTC Act. The FTC's attention was grabbed after they realized that the apps in question failed completely to inform users they were being tracked, or that they were even using the device microphone:
"...The code is configured to access the device’s microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access. Upon downloading and installing your mobile application that embeds Silverpush, we received no disclosures about the included audio beacon functionality — either contextually as part of the setup flow, in a dedicated standalone privacy policy, or anywhere else."
Two days later, the company pioneering this new snooping tech, Silverpush, announced that it had "exited from all UAB (Unique Audio Beacon) based business and shifted to a newer product line" and that it would "appreciate if SilverPush is not associated with UAB based business going forward." The company also seems to be claiming in conversations with the media that this sudden departure had absolutely nothing to do with the FTC's warning:
"When asked by Motherboard why it pivoted away from audio beacons, a SilverPush spokesperson would only say its decision was “a natural process to move to a more evolved product as a part of our business plan” that began almost a year ago, and again insisted that it wasn't responding to privacy concerns. The company spokesperson also said that SilverPush has never partnered with US app developers in the past, and claimed that any apps that integrate its audio beacon tracking code explicitly ask for permission before accessing a device's microphone through a pop-up message within the app itself.

Motherboard was not able to verify these claims, because SilverPush will not identify which apps and companies are using its code. As of April 2015, the company claimed that 67 apps were using its code, allowing it to monitor around 18 million devices."
Much like the boiling frog metaphor, online privacy is eroded one degree at a time, without most people noticing the temperature shift. For example while it would have been controversial fifteen years ago, most people are currently ok with letting companies track absolutely everything we view (ISP deep packet inspection) and everywhere we go (location data tracking and sales). Still, the marketing industry occasionally pushes into territory that just creeps everybody out (like cable boxes that watch you). But what creeps everybody out today can and usually does become the new normal of tomorrow.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 13 Apr 2016 @ 2:15pm

    No worries...

    we will just pay the fine and still make more money that we would obeying that regulations.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2016 @ 2:17pm

    privacy

    and again insisted that it wasn't responding to privacy concerns.


    That makes it even worse, not better.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2016 @ 2:20pm

    Well, that's it for me. I'm moving to Gilligan's island and getting all my entertainment from the Professor's coconut radio.

    reply to this | link to this | view in chronology ]

  • identicon
    NSA, 13 Apr 2016 @ 2:21pm

    Pfft. Amateurs.

    reply to this | link to this | view in chronology ]

  • identicon
    PRMan, 13 Apr 2016 @ 2:22pm

    Record shows

    Couldn't someone just record TV and search for the beacons?

    That's pretty much going to tell you who is using it.

    reply to this | link to this | view in chronology ]

    • identicon
      Lurker Keith, 13 Apr 2016 @ 7:10pm

      Re: Record shows

      Nielson uses either supersonic or subsonic signals embedded in all TV shows to monitor Ratings. It's most likely their embedded signals being hijacked by others.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Apr 2016 @ 6:25am

      Re: Record shows

      That's what I was thinking. It's easier to listen for a sharply-defined signal they insert themselves, but almost every TV show has its theme music, which is loud and always the same. Same for station IDs and commercials.

      Of course, anyone with cable or satellite TV is already monitored through their provider's set-top box...

      The thing about all this monitoring is, just because a TV is on, doesn't mean anyone is watching it. As a TV-phobe myself, I've noticed that most people will flip a TV on automatically when they walk into a room, assuming it's not on already. Then it usually seems to exist in some sort of visual blind spot as they ignore it. In my area it's difficult to find a restaurant or business office without at least one TV either gesticulating in silence or trying to blare over attempts at conversation.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 14 Apr 2016 @ 8:00am

        Re: Re: Record shows

        "In my area it's difficult to find a restaurant or business office without at least one TV either gesticulating in silence or trying to blare over attempts at conversation."

        Wow.

        Thank you for reminding me that I live in a truly wonderful part of the country. Where I'm at, the only businesses what do this are bars (and not even all of them).

        I also rarely see people leave TVs on if they aren't actually watching them. But they might turn them off when company comes over in order to avoid embarrassment.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2016 @ 2:32pm

    Norms can go the other way. Very few people are okay with deep packet inspection. Most people don't know what it is.

    Don't confuse ignorance for acceptance.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2016 @ 2:37pm

    If these apps are breaking through Google store's security and taking control of the mic without identifying as such, Google should go after the people involved, drag them through the courts for DECADES until they all give up and die homeless and alone or throw themselves off a bridge.

    reply to this | link to this | view in chronology ]

    • icon
      Adrian Cochrane (profile), 13 Apr 2016 @ 7:10pm

      Re:

      Why would Google do such a thing? I'm sure some of the tracking revenue comes back to them.

      Also given habits on the Google Play Store, I'm not sure these apps are exactly breaking anything. Instead they, like many others, could simply be asking for a range of irrelevent permissions.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Apr 2016 @ 4:15am

      Re:

      You misunderstand. The current version of the Android operating system requires a user to explicitly allow an app to use certain aspects of the device; these permissions are listed at installation and during updates, and must be explicitly allowed by the user.
      The FTC's problem with the software in question is: "your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access" i.e. permission has been granted by the user (leaving Google off the hook, and breaking no functionality of the OS/permissions) but the app isn't offering a function to the user, it's just spying on the user, because the user allowed the app to use the microphone.

      reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 14 Apr 2016 @ 8:18am

      Re:

      If these apps are breaking through Google store's security and taking control of the mic without identifying as such

      That's not a feature of the store, it's a feature of the OS. An app will crash if it tries to use a protected feature it hasn't asked permission for. It sounds to me like the issue is that this app generically asked for permission to use the microphone, but they didn't inform the user that it would be used when the app was not active.

      reply to this | link to this | view in chronology ]

      • icon
        John Fenderson (profile), 14 Apr 2016 @ 2:09pm

        Re: Re:

        "An app will crash if it tries to use a protected feature it hasn't asked permission for."

        Only if the app is badly engineered. What actually happens is that if an app tries to use a system service it hasn't the proper permissions for, then that system service won't work for it. The only way this will cause an app to crash is if it assumed that the service always succeeds.

        But this problem does hit on the main problem with Android app security: the granularity of the permissions is far, far too coarse. Apps that want to use a very specific facility often have to ask for permissions that grant them far more access than what they want.

        This means that users can't really tell what an app is intending to do or to prevent it from doing nasty things while allowing it to do only what it claims it wants to do.

        reply to this | link to this | view in chronology ]

        • icon
          nasch (profile), 14 Apr 2016 @ 2:47pm

          Re: Re: Re:

          But this problem does hit on the main problem with Android app security: the granularity of the permissions is far, far too coarse. Apps that want to use a very specific facility often have to ask for permissions that grant them far more access than what they want.

          Not an easy problem to solve in a useful way though. I doubt many people pay attention to the permissions an app requests already, and if you make the permission a lot more specific, there will be a much longer list that's harder to understand to the casual user. They'll be even less likely to read or understand it. The new permission model could help with that though.

          reply to this | link to this | view in chronology ]

          • icon
            John Fenderson (profile), 14 Apr 2016 @ 4:30pm

            Re: Re: Re: Re:

            True, this problem runs smack into the fact that security and convenience are natural enemies.

            But for those of us who are very conscious of these things, the existing model is of minimal use. If it were improved -- even along the lines of what CyanogenMod used to do in allowing you to revoke individual fine-grained permissions of already installed apps -- that can only help.

            reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2016 @ 2:56pm

    Could be more than just a warning stopping the practice, fewer people watching "television programs" would greatly reduce the amount of data being collected or would be expected to be collected.

    reply to this | link to this | view in chronology ]

  • icon
    John Fenderson (profile), 13 Apr 2016 @ 3:49pm

    Ominous

    a SilverPush spokesperson would only say its decision was “a natural process to move to a more evolved product as a part of our business plan”


    This sounds like they came up with an improved method of doing the same (or even worse) tracking. Probably one that's harder to notice.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Apr 2016 @ 5:06pm

    Is that legal in a two party state?

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 14 Apr 2016 @ 6:36am

    Question to the more enlightened: Can't we build a device to identify such wavelengths and possibly nullify them? I believe it would be quite trivial.

    reply to this | link to this | view in chronology ]

    • icon
      nasch (profile), 14 Apr 2016 @ 8:20am

      Re:

      Can't we build a device to identify such wavelengths and possibly nullify them?

      Seems like something that just emits noise at those frequencies would defeat it.

      reply to this | link to this | view in chronology ]

  • icon
    Monday (profile), 14 Apr 2016 @ 9:11am

    ISPs and cable companies already track and sell your online behavior, your location data, and effectively everything you do on the Internet (to the second).


    I am curious. Has anyone ever attempted a suit against one of these entities for selling their information. Is there any kind of inherent trademark or patent to a person's private behaviour or actions online?
    It is, after all, your shit that you're doing, and by doing it, it should be naturally guarded / protected under their law.

    I'm just wondering. I'm trying not to troll here, but software companies have to get you to "agree" to their terms, and I've never seen something like that from my cable / ISP company sooooo........

    :)


    Yeah, I know, "Dumb question Monday."

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 14 Apr 2016 @ 9:18am

    a new product - range limiting speakers

    btw - is still stealing one line of video and determining what you are watching?

    reply to this | link to this | view in chronology ]

  • icon
    limbodog (profile), 14 Apr 2016 @ 11:04am

    I think it's time we start regulating privacy for real

    I don't mean just telling these companies that they have to be "opt in", because people usually need access to what they have, and everyone will be doing it. So unless you become Amish, you're going to have to opt in.

    No, I think it's time we pass some laws that say "No, you can't just record everything someone does 24/7 unless you provide regular details to that person on what was recorded, and with whom you shared that info."

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: I Invented Email
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.