Silverpush Stops Using Sneaky, Inaudible TV Audio Tracking Beacons After FTC Warning
from the tread-carefully dept
ISPs and cable companies already track and sell your online behavior, your location data, and effectively everything you do on the Internet (to the second). Now broadcasters and app developers are cooking up a new technology that uses so-called "smart audio beacons" emitted during television programs to help track user viewing habits. These tones, inaudible to the human ear, are picked up by applications which use your smartphone or tablet microphone to listen and record them. That data can then be used to build a profile that potentially matches your existing online data with your viewing habits.While the technology appears to currently only be in use overseas right now, the FTC felt the need to issue a press release recently warning companies using the technology that they too are being watched. The warning accompanied a letter the FTC sent to 12 app developers (pdf) that informs devs that if they use the technology and don't inform consumers, they're potentially violating Section 5 of the FTC Act. The FTC's attention was grabbed after they realized that the apps in question failed completely to inform users they were being tracked, or that they were even using the device microphone:
"...The code is configured to access the device’s microphone to collect audio information even when the application is not in use. Moreover, your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access. Upon downloading and installing your mobile application that embeds Silverpush, we received no disclosures about the included audio beacon functionality — either contextually as part of the setup flow, in a dedicated standalone privacy policy, or anywhere else."Two days later, the company pioneering this new snooping tech, Silverpush, announced that it had "exited from all UAB (Unique Audio Beacon) based business and shifted to a newer product line" and that it would "appreciate if SilverPush is not associated with UAB based business going forward." The company also seems to be claiming in conversations with the media that this sudden departure had absolutely nothing to do with the FTC's warning:
"When asked by Motherboard why it pivoted away from audio beacons, a SilverPush spokesperson would only say its decision was “a natural process to move to a more evolved product as a part of our business plan” that began almost a year ago, and again insisted that it wasn't responding to privacy concerns. The company spokesperson also said that SilverPush has never partnered with US app developers in the past, and claimed that any apps that integrate its audio beacon tracking code explicitly ask for permission before accessing a device's microphone through a pop-up message within the app itself.Much like the boiling frog metaphor, online privacy is eroded one degree at a time, without most people noticing the temperature shift. For example while it would have been controversial fifteen years ago, most people are currently ok with letting companies track absolutely everything we view (ISP deep packet inspection) and everywhere we go (location data tracking and sales). Still, the marketing industry occasionally pushes into territory that just creeps everybody out (like cable boxes that watch you). But what creeps everybody out today can and usually does become the new normal of tomorrow.
Motherboard was not able to verify these claims, because SilverPush will not identify which apps and companies are using its code. As of April 2015, the company claimed that 67 apps were using its code, allowing it to monitor around 18 million devices."
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: apps, audio becaons, ftc, isps, tracking beacons, tv
Companies: silverpush
Reader Comments
Subscribe: RSS
View by: Time | Thread
No worries...
[ link to this | view in chronology ]
privacy
That makes it even worse, not better.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Record shows
That's pretty much going to tell you who is using it.
[ link to this | view in chronology ]
Re: Record shows
[ link to this | view in chronology ]
Re: Record shows
Of course, anyone with cable or satellite TV is already monitored through their provider's set-top box...
The thing about all this monitoring is, just because a TV is on, doesn't mean anyone is watching it. As a TV-phobe myself, I've noticed that most people will flip a TV on automatically when they walk into a room, assuming it's not on already. Then it usually seems to exist in some sort of visual blind spot as they ignore it. In my area it's difficult to find a restaurant or business office without at least one TV either gesticulating in silence or trying to blare over attempts at conversation.
[ link to this | view in chronology ]
Re: Re: Record shows
Wow.
Thank you for reminding me that I live in a truly wonderful part of the country. Where I'm at, the only businesses what do this are bars (and not even all of them).
I also rarely see people leave TVs on if they aren't actually watching them. But they might turn them off when company comes over in order to avoid embarrassment.
[ link to this | view in chronology ]
Don't confuse ignorance for acceptance.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Also given habits on the Google Play Store, I'm not sure these apps are exactly breaking anything. Instead they, like many others, could simply be asking for a range of irrelevent permissions.
[ link to this | view in chronology ]
Re:
The FTC's problem with the software in question is: "your application requires permission to access the mobile device’s microphone prior to install, despite no evident functionality in the application that would require such access" i.e. permission has been granted by the user (leaving Google off the hook, and breaking no functionality of the OS/permissions) but the app isn't offering a function to the user, it's just spying on the user, because the user allowed the app to use the microphone.
[ link to this | view in chronology ]
Re:
That's not a feature of the store, it's a feature of the OS. An app will crash if it tries to use a protected feature it hasn't asked permission for. It sounds to me like the issue is that this app generically asked for permission to use the microphone, but they didn't inform the user that it would be used when the app was not active.
[ link to this | view in chronology ]
Re: Re:
Only if the app is badly engineered. What actually happens is that if an app tries to use a system service it hasn't the proper permissions for, then that system service won't work for it. The only way this will cause an app to crash is if it assumed that the service always succeeds.
But this problem does hit on the main problem with Android app security: the granularity of the permissions is far, far too coarse. Apps that want to use a very specific facility often have to ask for permissions that grant them far more access than what they want.
This means that users can't really tell what an app is intending to do or to prevent it from doing nasty things while allowing it to do only what it claims it wants to do.
[ link to this | view in chronology ]
Re: Re: Re:
Not an easy problem to solve in a useful way though. I doubt many people pay attention to the permissions an app requests already, and if you make the permission a lot more specific, there will be a much longer list that's harder to understand to the casual user. They'll be even less likely to read or understand it. The new permission model could help with that though.
[ link to this | view in chronology ]
Re: Re: Re: Re:
But for those of us who are very conscious of these things, the existing model is of minimal use. If it were improved -- even along the lines of what CyanogenMod used to do in allowing you to revoke individual fine-grained permissions of already installed apps -- that can only help.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Ominous
This sounds like they came up with an improved method of doing the same (or even worse) tracking. Probably one that's harder to notice.
[ link to this | view in chronology ]
Re: Ominous
[ link to this | view in chronology ]
Re: Re: Ominous
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Seems like something that just emits noise at those frequencies would defeat it.
[ link to this | view in chronology ]
I am curious. Has anyone ever attempted a suit against one of these entities for selling their information. Is there any kind of inherent trademark or patent to a person's private behaviour or actions online?
It is, after all, your shit that you're doing, and by doing it, it should be naturally guarded / protected under their law.
I'm just wondering. I'm trying not to troll here, but software companies have to get you to "agree" to their terms, and I've never seen something like that from my cable / ISP company sooooo........
:)
Yeah, I know, "Dumb question Monday."
[ link to this | view in chronology ]
btw - is still stealing one line of video and determining what you are watching?
[ link to this | view in chronology ]
I think it's time we start regulating privacy for real
No, I think it's time we pass some laws that say "No, you can't just record everything someone does 24/7 unless you provide regular details to that person on what was recorded, and with whom you shared that info."
[ link to this | view in chronology ]