Silverpush Stops Using Sneaky, Inaudible TV Audio Tracking Beacons After FTC Warning

from the tread-carefully dept

ISPs and cable companies already track and sell your online behavior, your location data, and effectively everything you do on the Internet (to the second). Now broadcasters and app developers are cooking up a new technology that uses so-called “smart audio beacons” emitted during television programs to help track user viewing habits. These tones, inaudible to the human ear, are picked up by applications which use your smartphone or tablet microphone to listen and record them. That data can then be used to build a profile that potentially matches your existing online data with your viewing habits.

While the technology currently appears to be in use only overseas, the FTC recently felt the need to issue a press release warning companies using the technology that they too are being watched. The warning accompanied a letter the FTC sent to 12 app developers (pdf) informing them that if they use the technology and don’t inform consumers, they’re potentially violating Section 5 of the FTC Act. The FTC’s attention was grabbed after it realized that the apps in question failed completely to inform users they were being tracked, or that the apps were even using the device microphone:

“…The code is configured to access the device’s microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access. Upon downloading and installing your mobile application that embeds Silverpush, we received no disclosures about the included audio beacon functionality - either contextually as part of the setup flow, in a dedicated standalone privacy policy, or anywhere else.”

Two days later, the company pioneering this new snooping tech, Silverpush, announced that it had “exited from all UAB (Unique Audio Beacon) based business and shifted to a newer product line” and that it would “appreciate if SilverPush is not associated with UAB based business going forward.” The company also seems to be claiming in conversations with the media that this sudden departure had absolutely nothing to do with the FTC’s warning:

“When asked by Motherboard why it pivoted away from audio beacons, a SilverPush spokesperson would only say its decision was ‘a natural process to move to a more evolved product as a part of our business plan’ that began almost a year ago, and again insisted that it wasn’t responding to privacy concerns. The company spokesperson also said that SilverPush has never partnered with US app developers in the past, and claimed that any apps that integrate its audio beacon tracking code explicitly ask for permission before accessing a device’s microphone through a pop-up message within the app itself.

Motherboard was not able to verify these claims, because SilverPush will not identify which apps and companies are using its code. As of April 2015, the company claimed that 67 apps were using its code, allowing it to monitor around 18 million devices.”

Much like the boiling frog metaphor, online privacy is eroded one degree at a time, without most people noticing the temperature shift. For example, while it would have been controversial fifteen years ago, most people are currently OK with letting companies track absolutely everything we view (ISP deep packet inspection) and everywhere we go (location data tracking and sales). Still, the marketing industry occasionally pushes into territory that just creeps everybody out (like cable boxes that watch you). But what creeps everybody out today can and usually does become the new normal of tomorrow.

Companies: silverpush


Comments on “Silverpush Stops Using Sneaky, Inaudible TV Audio Tracking Beacons After FTC Warning”

27 Comments
Anonymous Coward says:

Re: Record shows

That’s what I was thinking. It’s easier to listen for a sharply-defined signal they insert themselves, but almost every TV show has its theme music, which is loud and always the same. Same for station IDs and commercials.

Of course, anyone with cable or satellite TV is already monitored through their provider’s set-top box…

The thing about all this monitoring is, just because a TV is on, doesn’t mean anyone is watching it. As a TV-phobe myself, I’ve noticed that most people will flip a TV on automatically when they walk into a room, assuming it’s not on already. Then it usually seems to exist in some sort of visual blind spot as they ignore it. In my area it’s difficult to find a restaurant or business office without at least one TV either gesticulating in silence or trying to blare over attempts at conversation.

John Fenderson (profile) says:

Re: Re: Record shows

“In my area it’s difficult to find a restaurant or business office without at least one TV either gesticulating in silence or trying to blare over attempts at conversation.”

Wow.

Thank you for reminding me that I live in a truly wonderful part of the country. Where I’m at, the only businesses that do this are bars (and not even all of them).

I also rarely see people leave TVs on if they aren’t actually watching them. But they might turn them off when company comes over in order to avoid embarrassment.

Anonymous Coward says:

Re: Re:

You misunderstand. The current version of the Android operating system requires a user to explicitly allow an app to use certain aspects of the device; these permissions are listed at installation and during updates, and must be explicitly allowed by the user.
The FTC’s problem with the software in question is: “your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access” i.e. permission has been granted by the user (leaving Google off the hook, and breaking no functionality of the OS/permissions) but the app isn’t offering a function to the user, it’s just spying on the user, because the user allowed the app to use the microphone.

nasch (profile) says:

Re: Re:

“If these apps are breaking through Google store’s security and taking control of the mic without identifying as such”

That’s not a feature of the store, it’s a feature of the OS. An app will crash if it tries to use a protected feature it hasn’t asked permission for. It sounds to me like the issue is that this app generically asked for permission to use the microphone, but they didn’t inform the user that it would be used when the app was not active.

John Fenderson (profile) says:

Re: Re: Re:

“An app will crash if it tries to use a protected feature it hasn’t asked permission for.”

Only if the app is badly engineered. What actually happens is that if an app tries to use a system service it hasn’t the proper permissions for, then that system service won’t work for it. The only way this will cause an app to crash is if it assumed that the service always succeeds.

But this problem does hit on the main problem with Android app security: the granularity of the permissions is far, far too coarse. Apps that want to use a very specific facility often have to ask for permissions that grant them far more access than what they want.

This means that users can’t really tell what an app is intending to do or to prevent it from doing nasty things while allowing it to do only what it claims it wants to do.

nasch (profile) says:

Re: Re: Re: Re:

“But this problem does hit on the main problem with Android app security: the granularity of the permissions is far, far too coarse. Apps that want to use a very specific facility often have to ask for permissions that grant them far more access than what they want.”

Not an easy problem to solve in a useful way though. I doubt many people pay attention to the permissions an app requests already, and if you make the permission a lot more specific, there will be a much longer list that’s harder to understand to the casual user. They’ll be even less likely to read or understand it. The new permission model could help with that though.

John Fenderson (profile) says:

Re: Re: Re:2 Re:

True, this problem runs smack into the fact that security and convenience are natural enemies.

But for those of us who are very conscious of these things, the existing model is of minimal use. If it were improved — even along the lines of what CyanogenMod used to do in allowing you to revoke individual fine-grained permissions of already installed apps — that can only help.

Monday (profile) says:

“ISPs and cable companies already track and sell your online behavior, your location data, and effectively everything you do on the Internet (to the second).”

I am curious. Has anyone ever attempted a suit against one of these entities for selling their information? Is there any kind of inherent trademark or patent to a person’s private behaviour or actions online?
It is, after all, your shit that you’re doing, and by doing it, it should be naturally guarded / protected under their law.

I’m just wondering. I’m trying not to troll here, but software companies have to get you to “agree” to their terms, and I’ve never seen something like that from my cable / ISP company sooooo……..

🙂

Yeah, I know, “Dumb question Monday.”

limbodog (profile) says:

I think it's time we start regulating privacy for real

I don’t mean just telling these companies that they have to be “opt in”, because people usually need access to what they have, and everyone will be doing it. So unless you become Amish, you’re going to have to opt in.

No, I think it’s time we pass some laws that say “No, you can’t just record everything someone does 24/7 unless you provide regular details to that person on what was recorded, and with whom you shared that info.”
