9

My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.

When it comes to advertising, the type of ultrasonic messages that I am referring to are described in this Wired article titled "How to Block the Ultrasonic Signals You Didn't Know Were Tracking You", from 2016. The article says (emphasis added):

The technology, called ultrasonic cross-device tracking, embeds high-frequency tones that are inaudible to humans in advertisements, web pages, and even physical locations like retail stores. These ultrasound "beacons" emit their audio sequences with speakers, and almost any device microphone—like those accessed by an app on a smartphone or tablet—can detect the signal and start to put together a picture of what ads you've seen, what sites you've perused, and even where you've been.

The Wired article also mentions that:

Now that you're sufficiently concerned, the good news is that at the Black Hat Europe security conference on Thursday, a group based at University of California, Santa Barbara will present an Android patch and a Chrome extension that give consumers more control over the transmission and receipt of ultrasonic pitches on their devices.

Being that the article was from 2016, I looked at the Black Hat Europe conference from that year for more information about the Android patch. The presentation mentioned in the Wired article seems to be this one.

The presentation slides (available here) led me to the ubeacsec.org website where the researchers do have an android patch as mentioned in the Wired article. Alas that patch is a research prototype made for android-5.0.0_r3.

There is also this research paper from 2017, titled "Privacy Threats through Ultrasonic Side Channels on Mobile Devices". The authors of this paper found out for example that

  • Advertising platforms such as Google's Universal Analytics and Facebook's Conversion Pixel provided services utilizing this technology. The researchers analyzed three commercial solutions: Shopkick, Lisnr and Silverpush.
  • 234 Android applications analyzed by the researchers were constantly listening for ultrasonic beacons.
  • Out of 35 stores visited in European cities, 4 were using ultrasonic beacons at the time of the research.

Anyway my interest is not just about blocking advertising trackers. Even though the marketing departments may be the largest consumer of this technology, it can be utilized in many other ways as well.

One alternative example use was provided in the 2016 Black Hat presentation above: to de-anonymize users who visit a "honeypot" website on the Tor network.

And this issue is related to another technology, namely the Google Nearby Messages API. The overview document written by Google about this technology (here) says that (emphasis added):

The Nearby Messages API is a publish-subscribe API that lets you pass small binary payloads between internet-connected Android and iOS devices. The devices don't have to be on the same network, but they do have to be connected to the Internet.

Nearby uses a combination of Bluetooth, Bluetooth Low Energy, Wi-Fi and near-ultrasonic audio to communicate a unique-in-time pairing code between devices.

The concerns about the Nearby Messages API are:

  1. Its ability to pass small binary payloads, i.e. presumably executable code.
  2. That while it is easy to disable Bluetooth and WiFi on a smart phone, it is not so easy to disable the microphone.

On whether Nearby API requires Bluetooth for operations:

The documentation for NearbyMessages on CocoaPods (for Apple devices) says, here:

By default, both mediums (audio and Bluetooth) will be used to discover nearby devices, and both mediums will broadcast and scan.

[...]

In some cases, your app may need to use only one of the mediums, and it may not need to do both broadcasting and scanning on that medium.

For instance, an app that is designed to connect to a set-top box that's broadcasting on audio only needs to scan on audio to discover it.

So as is explained in above text the API can use solely ultrasound if needed. Also being that the API seems to be included in Android as a standard feature (in the com.google.android.gms.nearby package) it should not require a specific app listening to the messages. This is also indicated by the answer here.

Question:

Are there ways to block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?

(Update: With this question I mean not merely how to detect such use by apps that I could install, but also by Google's own user-tracking/advertising processes that may be running out-of-the-box.)

user100487
  • 503
  • 4
  • 8
  • From my understanding this will not work on Android (at least with Google's API) while Bluetooth is turned off. There are no settings to adjust the "Nearby Messages" in detail, but the ultrasonic messaging should not work while Bluetooth is turned off. – Martin Fürholz Sep 25 '19 at 02:44
  • hi @MartinFürholz, I updated my question with information regarding whether Bluetooth needs to be enabled. – user100487 Sep 25 '19 at 18:05
  • I think you are confusing the "Nearby Connections API" and the "Nearby Messages API"s. Nowhere in the Nearby Connections API documentation you cited is any hint that this is using ultrasonic audio as well. It is a peer-to-peer networking API. – Martin Fürholz Sep 26 '19 at 00:23
  • @MartinFürholz, I removed the reference to the "Nearby Connections API". About the Connections API the documentation [Choosing the right API](https://developers.google.com/nearby/overview) that "It uses Bluetooth, Wi-Fi, **and other technologies**". What-ever those other technologies then are. Considering that it is part of the same Nearby package. But the current question only refers to the Messages API so that is now out of question. – user100487 Sep 26 '19 at 13:28

1 Answers1

1

This is not the answer you are looking for, but it is too long for a comment so here goes.

Apps collect your personal information because it is part of their financing schemes. By preventing the collection with technical means you are breaching a implied pact with their developers. If you don't want to leak your information then you should read permission requirements and privacy policies, eventually not installing apps that don't confrom to your privacy standards.

It is a responsibility of any decent OS to put the user in the position to understand and limit app permissions. Any attempt to hack it by technical means could solve it for few technical people but would leave the rest of the population exposed. This is the usual scenario "I don't need to kill or to run faster than the lion, I just need to run faster than you guys" by which big tech companies social engineer most hackers nowadays separating them from the pack.

Anyway, from the Android manual:

To ensure that users are in control of the experience, an opt-in dialog is presented the first time the user accesses the Nearby Messages API

Solution: answer no to the dialog

You can avoid the opt in dialog if your app has been granted the ACCESS_FINE_LOCATION permission and only uses BLE during publishes and subscribes.

Solution: don't install app with permission ACCESS_FINE_LOCATION (permissions are nested/hidden in play store pages).

Enos D'Andrea
  • 1,047
  • 5
  • 12