One of many reasons I find it amazing that applications ask for permission to the microphone when they don't have a good reason.
The latest Netflix update on Android asks for microphone permissions, saying that in the future they'll offer a way to call Netflix support from within the app. No, that's not a good reason; I have a phone for that. I've specifically avoided that upgrade; I'm hoping that my Nexus gets the upgrade to M before then, so that I can upgrade Netflix but deny it access to the microphone.
I used to believe that and installed CM 12.1 on my phone only to find out that the restrictions don't really work. Whatsapp was able to read my messages (automatic phone verify) when I had disabled the access. Digging around I found out this is the case even with XPrivacy (there are open issues on github) which is supposed to be more extensive. There are some situations when the blocks aren't enforced at all (like some native calls). I got a nexus 5x, android 6 permissions feature actually works.
I use this extensively myself, but the one problem that I'm facing is that it makes some applications unstable. Usually, I just uninstall them as I'd rather sacrifice my comfort than my security and privacy.
Thanks for this, I didn't realise you could do this in CM.
You can also check when the permissions were being used. For the Netflix app I noticed the "record audio" permission had never been used, but I've set it to explicitly ask me if it tries to use it.
Just sad that Google has lumped the permissions into categories, and also put a bunch of them into "safe".
Yeah yeah, clueless aunt Tillie will flip something and complain that its broken. But persisting this way means that you (Google and anyone agreeing with their stance) are breeding whole generations of Tillies.
FirefoxOS (I was using v1.3, not sure about earlier or later versions) did the same, it was pretty neat. It's really nice that they are doing it from the very early days, not waiting for their app marketplace to become bigger.
No, it didn't. iOS originally gave apps access to just about everything except background execution without any warning. At the time Android had the superior permissions model, with each app telling you what it needed at install and you being in control of whether or not you wanted to install it with that information. Older iOS apps had access to your photos, your contacts, and other stuff and could use it with no warning to you.
As a result of early privacy breaches, later releases of iOS added per-function permissions on demand, leap-frogging Android in terms of permissions functionality. Android has had some level of per-function permissions on demand in the works since Android 4.4 -- and you could use it in unofficial Android builds like CyanogenMod by turning off individual permissions for apps -- but the feature only finally made it into official builds in Android 6.0. It also got it properly in the API and manifest of apps as well so they can ask permissions as they need them... like the Facebook app needing access to your photos when you select to attach a photo to a post.
I have to add that the Facebook app does not have to have or ask for any permission at all to let the user pick an image to publish in their stream. It can use Android Intents to delegate to the user's choice of image picker app to do that[0].
The Intent system[1] is the real ingenuity of the original Android platform. I wish it was used more. Unfortunately most apps choose to implement things like picking an image or an address from the address book in their own code instead - thus more or less forcing the user to submit excessive permissions to the app to get anything done - rather than using the intent system.
The 6.0 on demand permissions may be a decent step forward from the old way of forcing the user to hand over all permissions at install time. Even better would be if the user could indicate to the app that it should use an intent based solution instead requesting a certain permission.
Obviously there are exceptions to this, some tasks require permissions and cannot be resolved with intents.
As of iOS 5, contacts were stored in a world-writable SQLite database. An app that corrupted this database would break contacts for all apps, causing some apps to crash or misbehave, and no permissions were required. (I ran across this on my personal iPad on an app I was developing, after a fit of overconfidence regarding SQLite encryption and whitelisting vs. blacklisting.)
BlackBerry had it too. There was a tree of permissions (broad categories at the top, specifics in the leaves) and you could set permissions to deny, allow or ask each time.
If you could deny access to an application with no good intrinsic reason to go online (eg single player game) then you would probably block ads too, and that's not in Google's interest.
I was behind the curve on smartphones for a long time. Luckily my dumbphone had 3G and Java, so I had Google Maps and Facebook on my dumbphone... with multitasking! Slow as hell, but the dumbphone=>smartphone transition was more gradual than most people realize - It was mostly about better UI and hardware; the basic software was already there.
Frankly many "dumbphones" could rival iPhone when it launched, yet the press went gaga about smartphone for the masses (because Apple made it, natch).
The basic problem was that USA was lagging the mobile world severely, so when the likes of iPhone shipped over there it seemed like a revolution for that insular market. I just wish the wider (tech) press didn't so much unquestionably parrot the US press.
> Frankly many "dumbphones" could rival iPhone when it launched
Did you live through these? I used most of the pre-iPhone Nokia S40 smartphones and owned a few of them, both "consumer" N-series and "professional" E-series. They only rivaled iphones in the checkbox sense: features were technically present on the phone, anything beyond that was missing, the hardware was usually insufficient, the software was garbage on both usability and performances, the overall experience was utterly miserable. After I finally switched from my E70 to a 3G the only thing I wondered is why I hadn't switched earlier (answer being I didn't want to lose the checkbox of 3G support, never mind that I'd have had more utility from 2G on an iphone than I did from 3G on an E70).
And dumbphones didn't come close (dumbphones were what non-corp US users used).
Or because it just plain felt better to use and was available on a heretofore unprecedented scale among people who shape public opinion. But that doesn't allow one to impute some kind of invalidity to the occurrence, does it?
I mean any phone can rival the iphone. It's also not hard to see that the mobile browsers at the time were utterly miserable to use. Touch was only a part of it.
And then they waited until 3GS to have multimedia messaging. Let's not argue the benefits of one OS over another and derail the discussion into a fan service announcement.
And today will silently redirect messaging onto their own system, that will swallow any incoming messages if you ever dear leave their ecosystem. I really really wish they had never gotten into the phone business.
Having to call or chat support is the worst thing about Netflix support, most of the time I don't want to talk with someone on the phone about my problem and resolve it in realtime, I just want to send them an email, explain the issue, and then they can email me back in 24 hours.
I haven't tried their Chat support, but I assume it's like all of the other chat services where agents handle many customers at a time so it takes forever for each response back.
I tried their chat support, they were very outgoing, personable & solved my problem almost immediately. If they were helping other people at the same time, I certainly didn't notice.
Windows 10 (desktop, tablet, mobile, all flavors) needs fine-grained permissions that can be granted and revoked in a similar manner. Even traditional desktop apps need to have similar sandboxing features.
But on Windows, stuff like the "Install->Next->Next->Next->Next->I agree->Next->Waaait for it->Next->Finish" dance has conditioned everyone but the security zealots to click "Yes" without even reading the dialog box. I've seen people with twitch-gamer like reflexes for accepting Windows prompts.
I wonder. If an Android app sticks to api level 22, then presumably they can continue demanding those permissions without having them denied, even on Android 6.0, no?
There are already apps that let you re-write a side-loaded app's permissions, but that usually doesn't work very well. I tried re-writing Facebook's permissions and it aborts fairly quickly.
They can. But you can then enter Options and turn those specific permissions off. Apps like that get fake data, like an empty contact list or that the device doesn't have GPS present/turned on.
That's how cyanogen works, but Google will never do that. The howtogeek.com link that someone else here posted confirms this - apps will just fail and you'll be stuck restoring the permission.
Well, you'll restore the permission if you want to use that app, but if you disable microphone permissions and the app breaks for no reason, do you really want to keep using that app?
Exactly. An app like Netflix couldn't get away with that; if it started breaking, people would contact Netflix support, and if the answer was "turn on the microphone", people would demand a reason why it needs to have access all the time.
I completely agree with you that we shouldn't be using applications that demand more permissions than are obviously needed, but...
...the top 10 flashlight apps in the Play store require network access, camera access, address book access, etc. I can't believe that there would be any great complaint among the majority of android users if Netflix asked for microphone access. And that's exactly why we need the ios-style permissions that google is finally bringing to android.
If you mean flashlight apps that use the flash LEDs, that explains why they need camera access. Address book is ridiculous, though.
As for people complaining: a few recent upgrades of Google applications asked for additional permissions without explanation, and the "reviews" of those got inundated with comments complaining and asking about those additional permissions until Google gave a satisfactory explanation (Chromecast support).
That's really more the fault of the phone manufacturer than of Android, though. Most likely, the camera firmware and binary blob driver aren't distinguishing the calls.
When revoking permissions from older applications, you’ll see a warning message saying, “This app was designed for an older version of Android. Denying permission may cause it to no longer function as intended."
Older applications weren’t designed for this feature, and they generally just assume they have access to any permissions they request. Most of the time, applications should just continue working normally if you revoke their permissions. In some rare cases, the application may crash — if it does, you’ll need to give it permission again.
So yeah, if Facebook decides to stick to api level 22 for a while, you won't be able to un-privilege it.
I know you are giving Facebook as just an example but they have updated their app. If any well known app company continues to do this you can assume they are avoiding/delaying the API update to get more of your data and you should stop using them if you can.
My Huawei P6 (yep, a Chinese company providing user selectable privacy options) shipped with some variant of this, and i have yet to see anything break when using it.
I guess it depends how they worked it in. Is it in the app permission requesting code? Then yeah, app would need to upgrade their api level. Is it on the OS level, and they'll do something like just give null/useless data when you deny the permisson? Then it wouldn't matter.
That's how cyanogen does it - empty address book, camera that always takes black pictures, etc. But I didn't think that Google would ever do that, and @T-A's link to howtogeek.com seems to confirm this. The app will fail on api calls that previously worked and you'll be stuck restoring the permissions.
> I've specifically avoided that upgrade; I'm hoping that
> my Nexus gets the upgrade to M before then, so that I
> can upgrade Netflix but deny it access to the
> microphone.
Weird - mine stopped working when the upgrade became available; until I reluctantly installed it.
Hmm I wonder if there is a way to test if netflix is using the technology. Maybe play the audio sound and check the processor usage or connect to the process and track the syscalls.
Sometimes they need it for only one feature. But in this case it could ask for permission for only a specific task, but since this functionality is not present (I think IOS allows on-demand permissions) it must be asked "for ever"
The latest Netflix update on Android asks for microphone permissions, saying that in the future they'll offer a way to call Netflix support from within the app.
Seriously? Because that kind of overt lie would cross the line into outright evil.
"Call Netflix support?" Really? How stupid would someone have to be to buy that?
I am happy this was brought up. I have been approached by companies to add in "SDKs" of this sort. They usually offer to pay you per user. When you have scale, these companies while the app is open can scan for other media they need to link. I have witnessed iOS apps processing web ads, tv stations and radio ads. The freakiest was watching the software understand a tv show was playing, detect which show, then off a competing ad in the app.
It is quite amazing what a phone can absorb while sitting in a living room with a loud tv blaring (which is most of america).
This just doesn't seem feasible in the real world. Sending out high frequency sound from a device is one thing, but having the other devices actively listening for the sound, is quite a feat. It's mentioned inside a block of text in a quoteblock in the article: "The inaudible code is recognized and received on the other smart device by the software development kit installed on it.". From where does one get this SDK installed on their device with enough permissions to actively listen for its counterpart ad? There's just too many points of failure for this to be a real threat, or a real marketing tool for that matter.
Full disclosure: I work for an audio beacon startup (in bio).
You're correct about microphone permissions related to the SDK. On iOS, this means displaying the top colored bar when you're using the microphone too... IMHO it's not something you can just turn on and not realize it's being used.
We use our listening tech at concerts and event to distribute triggered content and messages from the speaker infrastructure to attendees' phones (ex. "this drink line is long, go to the other one", "here's a free song from the artist on stage right now", "<sponsor> is giving away a free thing", etc.)
The strongest answer is that bluetooth beacons don't work well in huge infrastructure. Sometimes you don't have a place for them to go or they get stolen. Also it's free to use the speaker infrastructure, but outfitting and managing hundreds of beacons is not cheap. Some of our clients have switched to audio beacons for similar reasons.
The Brooklyn Museum did a nice writeup of why bluetooth beacons at scale didn't work for them.
Yes, BT beacons are not cheap when you buy $100 ones from a startup, also whole article was TLDR:'if only we could but a can of spray paint and change color of beacons, but we cant so oh well'
Those beacons have some kind of rubberized case; you can't really spray-paint that. (Also, last I heard the cheaper beacons still weren't terribly cheap and had awful battery life.)
2015 this does already exist, but only for the mobile Android app, and it's opt-in. So as you type a status update, it will listen for any music or TV audio and determine what you are listening to.
Pre-6.0 Android permissions aren't granular and are 'take it or leave it' approved at first install. Some apps install services that run at startup. This would make for a rather excellent monetizatation/interactivity strategy for a chat app, which already has all the necessary permissions for 'normal' operation (think Snapchat LIVE or Moments).
I know at least one group that has used mobile-phone ultrasonics for sonar imaging of breathing. http://apnea.cs.washington.edu/
In terms of entropy, breathing rate is a lot of information: several breaths per minute. So if something of that rate can be noncooperatively recovered, the claim in your comment about cooperative recovery is dubitable.
Oh my god, that is so interesting and different. You must be a really unique and free thinking person to not own a TV or a phone. I bet you have really interesting opinions!
I love how you combat a shit reply with a shit reply of your own. As if Reddit is a single entity and not a collection of somewhat independent communities
To nit-pick: Anything under 20kHZ isn't ultrasonic. :) (Not that either you or the blog author called this high-frequency signalling "ultrasound", but it does appear to be what people are calling it. :/ )
But it seems to fall into the range used by those "mosquito" devices. Meaning it is on the edge of what most humans can hear at young age, and lost with age.
Awesome, thank you for posting with this! I was getting ready to fire up ffmpeg with my network TV tuner to begin searching for this. Now I know of one thing to look for.
It's a lovely sentiment, but if this actually takes off, the content-makers will eventually join in, inserting identical or similar beacons directly into TV/movies etc. for similar reasons.
A multi-tenant only view will lead to obvious outcomes for single tenants. My sense is that this is the nature of things, to vacillate between single-tenant and multi-tenant models. A pure multi-tenant model, which is also highly secure, is probably little different from this reality. It's exceedingly difficult to make things vanish here.
If Android apps can use the microphone without a clear indication, especially in the background, then that is a serious security bug in Android and should be reported with that context and fixed, rather than weird nobody's-fault alarmism.
Well no. I purposely avoided getting into that territory, even though I have strong feelings probably similar to yours.
Even with the take-it-or-leave-it faux-contract of adhesion permission model, there should be a visual indication when an app is using the microphone. Background microphone (not as a result of a directly preceding user intent) should be a separate additional permission, and probably shouldn't be exempted from having a visual notification with an easy way to mute the passive listening.
In Android, it's super simple for an ads framework or a malicious framework - installed as part of some useful app - to run a background service and keep recording microphone and phone calls.
It is possible to hack the Android platform or OS to prevent or mitigate mischief like that, but ironically, it requires devices to be rooted.
Android architecture rewards the bad guys by obstructing the good guys!
I think mass migration of all devices to something like Cyanogenmod is the only solution.
Most of this could probably be mitigated within the home by installing rodent deterrent systems that emit high frequency (inaudible) noise. It would like drown out the lower signal level of this type of signal. S/N ratio for the win.
I noticed hearing strange high pitched background noise i normally tend to hear from power supplies but only at certain advertising spots. I thought the TV might be about to fail, it may is, but this sounds plausible too.
I do believe they claim that they use inaudible sounds, i.e. something outside a human's hearing range. Sorry, but chances are your TV is going wonky on you.
I remember growing up always hearing around the house the hum of the CRT TV when my parents would turn the cablebox off and not realize they left the tv running. Parents never heard anything. You start to lose hearing at upper frequencies around as early as in your 30's... when I talk to my friends about this, a surprising number of them (even the non-techies) remember this barely-audible-CRT-hum noise pollution phenomenon.
The upper range of human hearing is about 20khz. From a design and manufacturing-costs point of view, it doesn't make sense to design a speaker that can reproduce sounds much above human hearing. If you're gonna be optimizing the speaker cone for anything, you're probably gonna set an upper bound around the upper range of human hearing, maaaybe go a little bit above if you're high quality and want to reproduce everything.
So, your average TV speaker is probably going to reproduce some sounds above the upper range of human hearing, but not too far above. The higher into the inaudible range you design your beacon, the more likely it's not going to work, because not enough TV's are going to be able to reproduce it and your system becomes unreliable.
If I was building such a beacon, there's a good argument to be made to target your signal tone at or slightly below the upper range of human hearing, making it audible.
So (unless I don't know some detail about speaker design and there's a class of speakers that aren't generally limited at around 20khz, in which case please share) I actually think it's likely they're using almost-inaudible tones. In which case OP should smile knowing 1) he's not yet losing his upper range of hearing, and 2) he's now experiencing the new generation of the barely-audible-CRT-hum noise pollution phenomenon.
-------
[edit: yep, looks like that's exactly what they're doing. Check out this short blog post from a comment further down about a guy spectograph-hunting for these:
The bottom of the post links to a patent for this tech. "It refers to the insertion of frequency-shift keying modulated data at 17.5 and 18.5 kHz." Boom. Right in the fuzzy area of the limits of human hearing. ]
> I do believe they claim that they use inaudible sounds...
The odds that a television manufacturer [0] has designed most of its TVs with speakers that can reliably reproduce either ultrasonic or subsonic frequencies are near-zero.
The odds that the marketing arm of a niche tech company will be dreadfully (some might say fraudulently) imprecise with their marketing copy are really, really high.
...unless they're starting to design TV's exactly for these "enhanced viewing experiences" and opening up a side-channel of profits to marketers and folks like Nielson.
Wasn't there one of the asian manufacturers the other month (I wanna say... Samsung maybe? please correct me if I'm wrong) that got caught building a SmartTV that recorded audio and sent those packets up through the network to who-knows-where? They eventually rolled that feature back, but not before they got enough press that they had to make a statement saying it was only for diagnostics or testing or something like that.
If you're, say, a multinational with a large mobile device division and a strong corporate mandate to make sure the mobile device ecosystem stays strong so profits keep flowing, is it too far fetched to think you would start looking for cross-division synergies that, lets say, grease the flow in this ecosystem? Perhaps you could introduce an extra component (or optimize an existing one for different parameters) that if, say, it saw a signal of a certain form, it might reproduce it in an invisible and obtrusive way. And if it helps major players in the device ecosystem, well, great, the ecosystem stays strong and mobile devices continue to roll off the shelf.
Complete speculation, but not an unreasonable line of thinking?
> ...unless they're starting to design TV's exactly for these "enhanced viewing experiences" and opening up a side-channel of profits to marketers and folks like Nielson.
This presumes two things:
1) Enough TVs are made with speakers that can reliably reproduce actually ultrasonic or subsonic vibrations.
2) Enough microphone ship on devices that can reliably detect actual ultrasonic or subsonic vibrations.
I don't see this happening any time soon.
Hell, it'll be easier [0] to get this sort of information from the cable company by way of the cable box attached to the TV, or easier and (probably) cheaper to get this info from video playing software [1] that runs on the TV, or the inbuilt CATV/OTA tuner. [2] Maybe mix in an approximate headcount from the camera embedded in the TV to "enrich" the data.
Cameras embedded in TVs? Apart from the Samsung "smart TVs" with an obvious camera that can be rolled in/out of use, are there really cameras on television sets? I've heard people talk about hidden cameras in set top boxes and tvs for at least a decade, but it always sounded like nonsense. It has the potential to go really bad if people discovered something like a camera hidden.
> Cameras embedded in TVs? ... I've heard people talk about hidden cameras in set top boxes and tvs for at least a decade, but it always sounded like nonsense.
I never asserted that the cameras would be hidden. :)
Like you said, cameras are embedded in at least one model of "modern" television. Either laziness or "gamification" can be used to get many folks to keep the camera in the in-use position.
However, TV sound is band-limited (Analog TV at ~ 15kHz IIRC, the higher band is used for CC), not sure about digital tv, maybe 20kHz (not considering limitations on the sound circuits + speakers)
NTSC had an upper frequency limit of about 16kHz but AFAIK Nielsen boxes still picked up what was playing from "inaudible" signals. Whether that's a high frequency tone or a broadband watermark I don't know.
I don't know. I have not thought about this being malicious, so i did not note which spots caused this. But its clearly starting with a spot and end with it. Could also be some kind of issue in the TV with some color combination or stuff like that.
He pretended to run a hacking crew in Gamer. Had dreams of what life would be like as a real one. That's where his transformation and stealthy visits on HN began.
> The Google On app will automatically find your OnHub. OnHub will then send a setup code directly to your mobile device via an audio tone. For best results, hold your phone right above your OnHub and reduce ambient noise like music.
Neat method of convenient no-setup wireless configuration. Thanks for posting, haven't realized they've started doing this!
The microphone permission is one of the most pernicious. What might not be immediately clear to people is that a number of ambient sounds and almost all ambient music emit steganographic location data. Furthermore, additional metadata is encoded in other data that your phone's sensor package can read if it turns out to be on.
Even if this is a real threat vector, I imagine that in the time it would take to make this illegal and try and prosecute even one person, it will have been dealt with naturally by device manufacturers. Already this would be easy to defend against with any devices with properly granular permissioning. Meanwhile, anyone this far out on the bleeding edge of trying to track you will have a dozen other fingerprinting mechanisms rolled out by then and will have no problem dropping this ludicrous attack.
The legal framework is actually already mostly in place due to laws detailing the necessary consent to record a telephone conversation. So it might not take much to extend that concept to applications on a phone other than the actual phone app.
It would be hard to argue the wiretap laws apply to recording ultrasonic sounds extracting data from them. Honestly their isn't even the need for the device to store the audio, much less send it off the device.
Microphone access, especially if it's always-on to listen for the cue, is going to end up recording conversations, and those conversations will almost certainly involve people who are not the phone's owner and so could not have consented to having that phone record them.
(also there's the general problem of devices "helpfully" listening all the time for magic phrases like "Hey Siri" or "OK Google")
Having microphone access dosent equal illegal wiretapping, sure it might be a prerequisite. Yet you need to prove more than that the app could illegaly wiretap you if the developer wanted to do that to use the law to go after these apps
Why do I get the sense that the advertising industry has a death wish. It's like there is periodically some secret meeting somewhere where they hatch plans for how they can get even the littlest old lady to hate them so much that they run ad blockers on everything and everywhere.
BTW, I have always wondered why there are seemingly no solutions for blocking ads on a regular old TV, even if it's just a matter of muting the ads and then unmuting for the show/movie.
I remember I used to have a TV that you could easily set a timer on a channel when a commercial block started and then flip through the other channels and once the timer was up it would automatically switch back to the channel with the show or movie you were wanting to watch.
I get that that's not technologically very advanced, but the point is that that was many years ago and it's really not gotten better and even such simple solutions have disappeared and now we are left with highly sophisticated systems that will not allow for easy adding of ad blockers.
Now that TVs are connected, TV manufacturers get to have a piece of the ad pie. That would make them as reluctant as Google to make it easy to kill ads.
The developer who asked that question works for the company who released that app.
The app description also says "Download MI Mobile and activate today, then just keep your phone with you throughout the day (including while you watch TV) with MI Mobile running in the background." which made me suspicious.
Below is just a little bit of relevant source from the demo app. As you can see it certainly appears to be listening for audio beacons. Now the interesting part would be to find an easy way to determine which other apps are using this.
I'm not sure what you're referring to. An aapt dump shows the package name as 'SilverPush Demo App' (version 1.0.3). It appears the same in the app drawer. If you mean the class files, then yes they are obfuscated. ProGuard (or something like it) was used to obfuscate the Java, but that is pretty par for the course.
So presumably these (along with other mobile ad networks) can be blocked via hosts file or MinMinGuard (Xposed). Not great, but probably a good course of action for now.
More like we can't scan APKs for particular API calls because it looks like a call to a.a.b.a() internally. I guess package name was the incorrect term to use.
Oh right, yes exactly... Though some of the "Anti-virus" apps are pretty good about identifying ad networks, so I suspect it's not a big problem to detect one way or another. Of course SilverPush could get pretty nefarious if they wanted to, but if that demo app is a proper exhibition of their products then I don't think we should be very afraid :)
Thanks - just for next time, tusfiles seems to use very shady advertisers and I happened to open it in Chrome for Android. I was redirected to another APK download!
Sorry about that. I've had problems with Dropbox removing APKs in the past. Tusfiles is very lenient with that sort of thing but clearly there's a downside I hadn't noticed (ad block was enabled).
Wow, I'm impressed! But I'm also prepared. I always mute during TV ads, to reduce brain pollution. None of my boxes have microphones, and most have no audio. And I don't use smartphones.
Combine your techniques with adblocker software, and anyone's pretty much set. I do have systems with mic/speakers, but I block ads. And I don't own a smart TV, just a cheapo dumb one w/o an internet connection.
Yes, I forgot to mention browser security. I use private browsing mode, delete all cookies at browser shutdown, block ads and nonessential scripts, use Privacy Badger, and have disabled many insecure and useless features.
I feel like Apple actually does offer good privacy features on their devices. Of course watching one's parents just click OK on everything to make the alert dialog go away, makes you realize that the device makers can only do so much.
It sounds crazy, but I noticed my phone was emitting a quiet, high-pitched buzzing sound when I had 2048 open the other day. I wonder if this is what I was noticing.
It would have to sit between your source(s) and TV and decrypt/recrypt the audio in realtime -- which means it would need to support the various codecs in use today.
Would be easier to buy external speakers and wire it up with those.
If your tv is the thing generating the inaudible signals, it could still choose to play them using its internal speakers, and send just the 'real' audio to the external ones.
This is provocative and very tacky, but I'm sure that advertisers can cross correlate many clues about our web behavior, and already have a pretty good idea about our habits and responses to ads. I don't see a real need for this sort of creepy intrusiveness.
normally i'd say that it's not really paranoid if they're really out to get you...
but the attack vector described here. It requires too many devices actively compromised for any usable data to be gleaned. Manufacturers are somewhat sensitive to users demanding to control their devices peripherals. Microphones, webcams, cameras, speakers. It's not perfect, but there's enough moving parts here to make this kind of tracking seem bonkers.
For it to work, the person they have target will have blindly agreed to so many things that they have all the information they want on them anyway.
you mean one permission prompt, on one app they may have downloaded years ago?
everything else is just the advertisers including high-frequency beacons in their ad spots—it doesn't require any knowledge or cooperation of any of the intermediary steps.
Except with a QR code, I have to physically turn on my camera and point it to the QR code, i.e. I have to intend to process the QR code. Inaudible audio seems to be something that would not require user intention.
That's what I think is so cool about it -- half the issue with QR codes is that you have to open an app, point a camera at it, focus, and take a picture. With this technology, you don't have to do any of those things. Nor do you have to get on the same wifi, figure out how to bluetooth pair, or anything else like that.
I can't wait until the phone can detect EEG frequencies to guess what I might be thinking so that it can then bombard me with ads about shit I didn't even know I wanted!
Bonus points for messaging all my friends on Facebook to let them know I just was thinking about kinky porn!
It sure would take all the work out of making decisions (like what I may or may not like) or having to deal with all the pesky extra money and friends I have now!
Surely OP didn't mean to celebrate being tracked by advertisers. Emotional reactions are understandable, but if you take a step back, the technology could be used in a very different way. The problem is not that it uses sounds which are difficult to hear. The problem is that it does this without user's consent.
The latest Netflix update on Android asks for microphone permissions, saying that in the future they'll offer a way to call Netflix support from within the app. No, that's not a good reason; I have a phone for that. I've specifically avoided that upgrade; I'm hoping that my Nexus gets the upgrade to M before then, so that I can upgrade Netflix but deny it access to the microphone.