Android apps secretly tracking users by listening to inaudible sound hidden in adverts

An increasing number of Android applications are attempting to track users without their knowledge, according to a new report.

Over recent years, companies have started hiding “beacons”, ultrasonic audio signals inaudible to humans, in their adverts, in order to track devices and learn more about their owners.

Electronic devices equipped with microphones can register these sounds, allowing advertisers to uncover their location and work out what kind of ads their owners watch on TV and which other devices they own.

The technique can even be used to de-anonymise Tor users.

“Throughout our empirical study, we confirm that audio beacons can be embedded in sound, such that mobile devices spot them with high accuracy while humans do not perceive the ultrasonic signals consciously,” reads the report from researchers at Technische Universität Braunschweig in Germany.

They found that, while six apps were known to be using ultrasound cross-device tracking technology in April 2015, this number grew to 39 by December 2015, and has now increased to 234.

The study hasn’t named any specific programs, but says that several have millions of downloads and “are part of reputable companies”, including McDonald’s and Krispy Kreme.

“They embed these beacons in the ultrasonic frequency range between 18 and 20 kHz of audio content and detect them with regular mobile applications using the device’s microphone,” the research adds.

Since consumers need to have the apps open in order for advertisers to use them for tracking purposes, the privacy threat isn’t quite as worrying as it could be.

However, the researchers believe it could grow into a serious issue "in the near future”.

As ever, users should be selective about the apps they download.

If you can’t work out why an app is asking for certain permissions, such as access to your camera or microphone, think twice about installing it.