240 comments

[ 4.3 ms ] story [ 243 ms ] thread
This just doesn't seem feasible in the real world. Sending out high frequency sound from a device is one thing, but having the other devices actively listening for the sound, is quite a feat. It's mentioned inside a block of text in a quoteblock in the article: "The inaudible code is recognized and received on the other smart device by the software development kit installed on it.". From where does one get this SDK installed on their device with enough permissions to actively listen for its counterpart ad? There's just too many points of failure for this to be a real threat, or a real marketing tool for that matter.
a) there are apps already that always listen

b) lots of developers use ads or other SDKs in their apps, not to mention we just saw Xcode poisoned with a malicious SDK

XCode wasn't poisoned, someone released a hacked copy of it on a popular file sharing site
21 May 2014, Arstechnica. "Passive listening will soon be a feature for Facebook app during status updates" http://arstechnica.com/business/2014/05/passive-listen-will-...
2015 this does already exist, but only for the mobile Android app, and it's opt-in. So as you type a status update, it will listen for any music or TV audio and determine what you are listening to.
How many Android apps don't have microphone permissions?
That was my first too. What's listening for this? Good luck getting me to grant random apps permission to use my mic.

It could be a "Smart" TV though, listening for your phone/tablet/laptop, or a device installed in places like cafes...

Pre-6.0 Android permissions aren't granular and are 'take it or leave it' approved at first install. Some apps install services that run at startup. This would make for a rather excellent monetizatation/interactivity strategy for a chat app, which already has all the necessary permissions for 'normal' operation (think Snapchat LIVE or Moments).

Sonic networking in action: [1] http://smus.com/ultrasonic-networking/ [2] https://gigaom.com/2014/06/26/chromecast-will-use-ultrasonic...

Full disclosure: I work for an audio beacon startup (in bio).

You're correct about microphone permissions related to the SDK. On iOS, this means displaying the top colored bar when you're using the microphone too... IMHO it's not something you can just turn on and not realize it's being used.

We use our listening tech at concerts and event to distribute triggered content and messages from the speaker infrastructure to attendees' phones (ex. "this drink line is long, go to the other one", "here's a free song from the artist on stage right now", "<sponsor> is giving away a free thing", etc.)

Why not just use bluetooth beacons for that?
The strongest answer is that bluetooth beacons don't work well in huge infrastructure. Sometimes you don't have a place for them to go or they get stolen. Also it's free to use the speaker infrastructure, but outfitting and managing hundreds of beacons is not cheap. Some of our clients have switched to audio beacons for similar reasons.

The Brooklyn Museum did a nice writeup of why bluetooth beacons at scale didn't work for them.

https://www.brooklynmuseum.org/community/blogosphere/2015/02...

Yes, BT beacons are not cheap when you buy $100 ones from a startup, also whole article was TLDR:'if only we could but a can of spray paint and change color of beacons, but we cant so oh well'
Those beacons have some kind of rubberized case; you can't really spray-paint that. (Also, last I heard the cheaper beacons still weren't terribly cheap and had awful battery life.)
HM-10s are a couple bucks in bulk, but managing a large deploy is still difficult.
(Not the original commenter) I suppose because of the short range relative to concert venue sizes, and because generally BLE sucks.
iOS is red when you put the app in the bg but not when in the fg
So many apps request permissions that would make this possible that I believe that it is a real threat.
You don't think devices such as the Amazon Echo could do such a thing?
I know at least one group that has used mobile-phone ultrasonics for sonar imaging of breathing. http://apnea.cs.washington.edu/

In terms of entropy, breathing rate is a lot of information: several breaths per minute. So if something of that rate can be noncooperatively recovered, the claim in your comment about cooperative recovery is dubitable.

>I know at least one group that has used mobile-phone ultrasonics for sonar imaging

me too, nan nannana naaana BATMAN!

Please stop posting unsubstantive comments to Hacker News.
It sounds crazy, but I noticed my phone was emitting a quiet, high-pitched buzzing sound when I had 2048 open the other day. I wonder if this is what I was noticing.
Which 2048 app?
2048+ Plus Pro Free HD
Sounds like the name for a Samsung phone.
I love how they add HD to the title of the app. As if it wouldn't be!
This was just 2048 for iOS though I don't know that this was the cause. It might have just been the iphone radio causing interference on the speaker.
or swamp gas reflecting off the ionosphere. it's probably nothing so nothing to worry about, move along.
Jokes on you, my TV is 15 years old and I've a Nokia 1100.
the good old days, when only the crazy people were suspicious of their appliances spying on them.
Even better, I own neither :)
Oh my god, that is so interesting and different. You must be a really unique and free thinking person to not own a TV or a phone. I bet you have really interesting opinions!
Oh hey, someone from Reddit decided to comment here instead.
I love how you combat a shit reply with a shit reply of your own. As if Reddit is a single entity and not a collection of somewhat independent communities
I love how you combat a shit reply with a shit reply of your own. As if Reddit is a single entity and not a collection of somewhat independent communities
This is ludacris. Where is this currently being applied, if anywhere in the general wild?
(comment deleted)
Ludacris: http://thekoalition.com/images/2013/05/Ludacris.jpg

Ludicrous: http://dictionary.reference.com/browse/ludicrous

(Sorry, normally I wouldn't point out a spelling mistake, but hopefully this one is amusing as well as informative.)

there's no proof either way, I choose to believe that Ludacris browses hn under a pseudonym
Agreed. Luda also has > 100 karma and a public key in his profile link.
He pretended to run a hacking crew in Gamer. Had dreams of what life would be like as a real one. That's where his transformation and stealthy visits on HN began.
Dial-up internet involves converting bits into sound (both in audible and ultrasonic spectrums) and then back on the other end of a phone line.

The Google Tone extension (http://googleresearch.blogspot.com/2015/05/tone-experimental...) uses both ultrasonic sound and an audible DTMF-based codec.

Audio tones are also used for setting up Google OnHub routers; the router emits a tone and the Google On setup app listens for it. (https://support.google.com/onhub/answer/6246481?hl=en)

woah

> The Google On app will automatically find your OnHub. OnHub will then send a setup code directly to your mobile device via an audio tone. For best results, hold your phone right above your OnHub and reduce ambient noise like music.

Neat method of convenient no-setup wireless configuration. Thanks for posting, haven't realized they've started doing this!

Listen up. Nothing in this reality, currently, is particularly secure. Use anything outside your own brain at your own risk. Seriously.

Things are likely to improve, but it's going to take time.

> Things are likely to improve

A rosy view

Someone must keep the faith. Without it, we're all fucked. :)
Yep... these are the good old days when you can think stuff and no one else knows about it. Enjoy it while it lasts little brother.
A multi-tenant only view will lead to obvious outcomes for single tenants. My sense is that this is the nature of things, to vacillate between single-tenant and multi-tenant models. A pure multi-tenant model, which is also highly secure, is probably little different from this reality. It's exceedingly difficult to make things vanish here.
Well, there's one more reason to block online ads and avoid watching TV. It's as if the people developing this tech want to be put out of business.
They don't care. They're swimming in money now.
This tech gets them more business... they know what they're doing.
If untrusted code has this kind of access to your microphone, you have much bigger problems.
And/or an Android phone, apparently.
If Android apps can use the microphone without a clear indication, especially in the background, then that is a serious security bug in Android and should be reported with that context and fixed, rather than weird nobody's-fault alarmism.
Welcome to Android, hope you'll enjoy the stay.
That's what you get with a permission model of "hey, if you don't like that this app asks for every permission known to man, just don't use it!"
Well no. I purposely avoided getting into that territory, even though I have strong feelings probably similar to yours.

Even with the take-it-or-leave-it faux-contract of adhesion permission model, there should be a visual indication when an app is using the microphone. Background microphone (not as a result of a directly preceding user intent) should be a separate additional permission, and probably shouldn't be exempted from having a visual notification with an easy way to mute the passive listening.

In Android, it's super simple for an ads framework or a malicious framework - installed as part of some useful app - to run a background service and keep recording microphone and phone calls.

It is possible to hack the Android platform or OS to prevent or mitigate mischief like that, but ironically, it requires devices to be rooted.

Android architecture rewards the bad guys by obstructing the good guys!

I think mass migration of all devices to something like Cyanogenmod is the only solution.

Since Google's own "Google App" listens in the background without a clear indication, I doubt Android will be fixed on that point.
Dear marketers. Please die horribly. Preferably in a fire.
I noticed hearing strange high pitched background noise i normally tend to hear from power supplies but only at certain advertising spots. I thought the TV might be about to fail, it may is, but this sounds plausible too.
Which ads?
I don't know. I have not thought about this being malicious, so i did not note which spots caused this. But its clearly starting with a spot and end with it. Could also be some kind of issue in the TV with some color combination or stuff like that.
It could have also been just a poorly mixed ad.
I do believe they claim that they use inaudible sounds, i.e. something outside a human's hearing range. Sorry, but chances are your TV is going wonky on you.
However, TV sound is band-limited (Analog TV at ~ 15kHz IIRC, the higher band is used for CC), not sure about digital tv, maybe 20kHz (not considering limitations on the sound circuits + speakers)
I think CC is carried in the video's vertical blanking interval, at least in NTSC, rather than the audio.
> I do believe they claim that they use inaudible sounds...

The odds that a television manufacturer [0] has designed most of its TVs with speakers that can reliably reproduce either ultrasonic or subsonic frequencies are near-zero.

The odds that the marketing arm of a niche tech company will be dreadfully (some might say fraudulently) imprecise with their marketing copy are really, really high.

[0] Let alone most-to-all of them.

...unless they're starting to design TV's exactly for these "enhanced viewing experiences" and opening up a side-channel of profits to marketers and folks like Nielson.

Wasn't there one of the asian manufacturers the other month (I wanna say... Samsung maybe? please correct me if I'm wrong) that got caught building a SmartTV that recorded audio and sent those packets up through the network to who-knows-where? They eventually rolled that feature back, but not before they got enough press that they had to make a statement saying it was only for diagnostics or testing or something like that.

If you're, say, a multinational with a large mobile device division and a strong corporate mandate to make sure the mobile device ecosystem stays strong so profits keep flowing, is it too far fetched to think you would start looking for cross-division synergies that, lets say, grease the flow in this ecosystem? Perhaps you could introduce an extra component (or optimize an existing one for different parameters) that if, say, it saw a signal of a certain form, it might reproduce it in an invisible and obtrusive way. And if it helps major players in the device ecosystem, well, great, the ecosystem stays strong and mobile devices continue to roll off the shelf.

Complete speculation, but not an unreasonable line of thinking?

> ...unless they're starting to design TV's exactly for these "enhanced viewing experiences" and opening up a side-channel of profits to marketers and folks like Nielson.

This presumes two things:

1) Enough TVs are made with speakers that can reliably reproduce actually ultrasonic or subsonic vibrations.

2) Enough microphone ship on devices that can reliably detect actual ultrasonic or subsonic vibrations.

I don't see this happening any time soon.

Hell, it'll be easier [0] to get this sort of information from the cable company by way of the cable box attached to the TV, or easier and (probably) cheaper to get this info from video playing software [1] that runs on the TV, or the inbuilt CATV/OTA tuner. [2] Maybe mix in an approximate headcount from the camera embedded in the TV to "enrich" the data.

[0] From a market coordination perspective.

[1] YouTube or Netflix "tuners" or whatever.

[2] Assuming TVs even ship with those anymore...

Cameras embedded in TVs? Apart from the Samsung "smart TVs" with an obvious camera that can be rolled in/out of use, are there really cameras on television sets? I've heard people talk about hidden cameras in set top boxes and tvs for at least a decade, but it always sounded like nonsense. It has the potential to go really bad if people discovered something like a camera hidden.
> Cameras embedded in TVs? ... I've heard people talk about hidden cameras in set top boxes and tvs for at least a decade, but it always sounded like nonsense.

I never asserted that the cameras would be hidden. :)

Like you said, cameras are embedded in at least one model of "modern" television. Either laziness or "gamification" can be used to get many folks to keep the camera in the in-use position.

Inaudible is a fuzzy line.

I remember growing up always hearing around the house the hum of the CRT TV when my parents would turn the cablebox off and not realize they left the tv running. Parents never heard anything. You start to lose hearing at upper frequencies around as early as in your 30's... when I talk to my friends about this, a surprising number of them (even the non-techies) remember this barely-audible-CRT-hum noise pollution phenomenon.

The upper range of human hearing is about 20khz. From a design and manufacturing-costs point of view, it doesn't make sense to design a speaker that can reproduce sounds much above human hearing. If you're gonna be optimizing the speaker cone for anything, you're probably gonna set an upper bound around the upper range of human hearing, maaaybe go a little bit above if you're high quality and want to reproduce everything.

So, your average TV speaker is probably going to reproduce some sounds above the upper range of human hearing, but not too far above. The higher into the inaudible range you design your beacon, the more likely it's not going to work, because not enough TV's are going to be able to reproduce it and your system becomes unreliable.

If I was building such a beacon, there's a good argument to be made to target your signal tone at or slightly below the upper range of human hearing, making it audible.

So (unless I don't know some detail about speaker design and there's a class of speakers that aren't generally limited at around 20khz, in which case please share) I actually think it's likely they're using almost-inaudible tones. In which case OP should smile knowing 1) he's not yet losing his upper range of hearing, and 2) he's now experiencing the new generation of the barely-audible-CRT-hum noise pollution phenomenon.

-------

[edit: yep, looks like that's exactly what they're doing. Check out this short blog post from a comment further down about a guy spectograph-hunting for these:

http://altmode.org/2015/11/13/searching-for-ultrasonic-beaco...

The bottom of the post links to a patent for this tech. "It refers to the insertion of frequency-shift keying modulated data at 17.5 and 18.5 kHz." Boom. Right in the fuzzy area of the limits of human hearing. ]

NTSC had an upper frequency limit of about 16kHz but AFAIK Nielsen boxes still picked up what was playing from "inaudible" signals. Whether that's a high frequency tone or a broadband watermark I don't know.
My dog always barks a lot during the ad breaks. Now I know why!
One of many reasons I find it amazing that applications ask for permission to the microphone when they don't have a good reason.

The latest Netflix update on Android asks for microphone permissions, saying that in the future they'll offer a way to call Netflix support from within the app. No, that's not a good reason; I have a phone for that. I've specifically avoided that upgrade; I'm hoping that my Nexus gets the upgrade to M before then, so that I can upgrade Netflix but deny it access to the microphone.

This is why on-demand permissions are one of the best features of Android 6.0. Don't want Netflix to access your microphone? No problem--don't let it.
Does it also allow a "popup request for each use" option? Seems like the right option for the Netflix hotline support feature.
No, but you can go into the phone settings and re-enable a permission for an app if you change your mind.
Aren't privacyguard's actions Ask / Never / Always?
Most of them, yes. There are a couple that are just on/off, like wake locks.
And remember. iOS has had this since its inception
BlackBerry had it too. There was a tree of permissions (broad categories at the top, specifics in the leaves) and you could set permissions to deny, allow or ask each time.
No, it didn't. iOS originally gave apps access to just about everything except background execution without any warning. At the time Android had the superior permissions model, with each app telling you what it needed at install and you being in control of whether or not you wanted to install it with that information. Older iOS apps had access to your photos, your contacts, and other stuff and could use it with no warning to you.

As a result of early privacy breaches, later releases of iOS added per-function permissions on demand, leap-frogging Android in terms of permissions functionality. Android has had some level of per-function permissions on demand in the works since Android 4.4 -- and you could use it in unofficial Android builds like CyanogenMod by turning off individual permissions for apps -- but the feature only finally made it into official builds in Android 6.0. It also got it properly in the API and manifest of apps as well so they can ask permissions as they need them... like the Facebook app needing access to your photos when you select to attach a photo to a post.

Apple started adding location services permissions 5 years ago. Android 6.0 has only just been released.

Whichever way you look at it it's pretty unacceptable that it's taken so long for Android to implement this.

> "Apple started adding location services permissions 5 years ago. Android 6.0 has only just been released".

Location permissions have been in Android since the version 1.0 of the API.

http://developer.android.com/reference/android/Manifest.perm...

But that is the permissions that only appear when you download the app from the store.

I am talking about the API permissions e.g. "the dialog box that pops up confirming you want to allow this app to read your location".

That is the point of this whole discussion right ?

I have to add that the Facebook app does not have to have or ask for any permission at all to let the user pick an image to publish in their stream. It can use Android Intents to delegate to the user's choice of image picker app to do that[0].

The Intent system[1] is the real ingenuity of the original Android platform. I wish it was used more. Unfortunately most apps choose to implement things like picking an image or an address from the address book in their own code instead - thus more or less forcing the user to submit excessive permissions to the app to get anything done - rather than using the intent system.

The 6.0 on demand permissions may be a decent step forward from the old way of forcing the user to hand over all permissions at install time. Even better would be if the user could indicate to the app that it should use an intent based solution instead requesting a certain permission.

Obviously there are exceptions to this, some tasks require permissions and cannot be resolved with intents.

[0] http://stackoverflow.com/questions/5309190/android-pick-imag... [1] https://developer.android.com/guide/components/intents-filte...

And then they waited until 3GS to have multimedia messaging. Let's not argue the benefits of one OS over another and derail the discussion into a fan service announcement.
And remember. Java/J2ME phones had this since their inception.
Java phones even supported asking for internet access... which is pretty much taken for granted now, and GPlay doesn't even show that an app needs it.
If you could deny access to an application with no good intrinsic reason to go online (eg single player game) then you would probably block ads too, and that's not in Google's interest.
For HTTP requests, yes. Using sockets requires the "Full network permissions" permission.
I was behind the curve on smartphones for a long time. Luckily my dumbphone had 3G and Java, so I had Google Maps and Facebook on my dumbphone... with multitasking! Slow as hell, but the dumbphone=>smartphone transition was more gradual than most people realize - It was mostly about better UI and hardware; the basic software was already there.
Frankly many "dumbphones" could rival iPhone when it launched, yet the press went gaga about smartphone for the masses (because Apple made it, natch).

The basic problem was that USA was lagging the mobile world severely, so when the likes of iPhone shipped over there it seemed like a revolution for that insular market. I just wish the wider (tech) press didn't so much unquestionably parrot the US press.

> because Apple made it, natch

Or because it just plain felt better to use and was available on a heretofore unprecedented scale among people who shape public opinion. But that doesn't allow one to impute some kind of invalidity to the occurrence, does it?

I mean any phone can rival the iphone. It's also not hard to see that the mobile browsers at the time were utterly miserable to use. Touch was only a part of it.
> Frankly many "dumbphones" could rival iPhone when it launched

Did you live through these? I used most of the pre-iPhone Nokia S40 smartphones and owned a few of them, both "consumer" N-series and "professional" E-series. They only rivaled iphones in the checkbox sense: features were technically present on the phone, anything beyond that was missing, the hardware was usually insufficient, the software was garbage on both usability and performances, the overall experience was utterly miserable. After I finally switched from my E70 to a 3G the only thing I wondered is why I hadn't switched earlier (answer being I didn't want to lose the checkbox of 3G support, never mind that I'd have had more utility from 2G on an iphone than I did from 3G on an E70).

And dumbphones didn't come close (dumbphones were what non-corp US users used).

Still own a SE C702, and it has served me well.
People quickly forget that the iPhone didn't have the appstore at launch. It was an ipod with browser, maps, email, sms and a phone.

I think the real innovation was the data contract, getting a decent data allowance for other phones was for Rockerfella.

As of iOS 5, contacts were stored in a world-writable SQLite database. An app that corrupted this database would break contacts for all apps, causing some apps to crash or misbehave, and no permissions were required. (I ran across this on my personal iPad on an app I was developing, after a fit of overconfidence regarding SQLite encryption and whitelisting vs. blacklisting.)
(comment deleted)
Got this via Cyanogenmod already on 4.4 and I use it all the time.

Not just for permissions by the way, Privacy Guard can also prevent wake locks and auto start permissions. That's a serious battery life saver.

Thanks for this, I didn't realise you could do this in CM. You can also check when the permissions were being used. For the Netflix app I noticed the "record audio" permission had never been used, but I've set it to explicitly ask me if it tries to use it.
I use this extensively myself, but the one problem that I'm facing is that it makes some applications unstable. Usually, I just uninstall them as I'd rather sacrifice my comfort than my security and privacy.
Android 6.0 does those things for you too. (Doze and App Standby)
sounds like cm is used as a testing channel for new features.
I used to believe that and installed CM 12.1 on my phone only to find out that the restrictions don't really work. Whatsapp was able to read my messages (automatic phone verify) when I had disabled the access. Digging around I found out this is the case even with XPrivacy (there are open issues on github) which is supposed to be more extensive. There are some situations when the blocks aren't enforced at all (like some native calls). I got a nexus 5x, android 6 permissions feature actually works.
Just sad that Google has lumped the permissions into categories, and also put a bunch of them into "safe".

Yeah yeah, clueless aunt Tillie will flip something and complain that its broken. But persisting this way means that you (Google and anyone agreeing with their stance) are breeding whole generations of Tillies.

Indeed. Six categories seems like a pretty small number.
iOS has this for years without a problem, so Google has to find a better reason why they screwed this up for so long.
And before iOS, J2ME phones had very fine-grained permissions (though it was usually the carrier that controlled them).
Depends on where in the world you lived...
FirefoxOS (I was using v1.3, not sure about earlier or later versions) did the same, it was pretty neat. It's really nice that they are doing it from the very early days, not waiting for their app marketplace to become bigger.

    > I've specifically avoided that upgrade; I'm hoping that
    > my Nexus gets the upgrade to M before then, so that I
    > can upgrade Netflix but deny it access to the
    > microphone.
Weird - mine stopped working when the upgrade became available; until I reluctantly installed it.
I wonder. If an Android app sticks to api level 22, then presumably they can continue demanding those permissions without having them denied, even on Android 6.0, no?

There are already apps that let you re-write a side-loaded app's permissions, but that usually doesn't work very well. I tried re-writing Facebook's permissions and it aborts fairly quickly.

I guess it depends how they worked it in. Is it in the app permission requesting code? Then yeah, app would need to upgrade their api level. Is it on the OS level, and they'll do something like just give null/useless data when you deny the permisson? Then it wouldn't matter.
That's how cyanogen does it - empty address book, camera that always takes black pictures, etc. But I didn't think that Google would ever do that, and @T-A's link to howtogeek.com seems to confirm this. The app will fail on api calls that previously worked and you'll be stuck restoring the permissions.
When revoking permissions from older applications, you’ll see a warning message saying, “This app was designed for an older version of Android. Denying permission may cause it to no longer function as intended."

Older applications weren’t designed for this feature, and they generally just assume they have access to any permissions they request. Most of the time, applications should just continue working normally if you revoke their permissions. In some rare cases, the application may crash — if it does, you’ll need to give it permission again.

So yeah, if Facebook decides to stick to api level 22 for a while, you won't be able to un-privilege it.

I know you are giving Facebook as just an example but they have updated their app. If any well known app company continues to do this you can assume they are avoiding/delaying the API update to get more of your data and you should stop using them if you can.
My Huawei P6 (yep, a Chinese company providing user selectable privacy options) shipped with some variant of this, and i have yet to see anything break when using it.
They can. But you can then enter Options and turn those specific permissions off. Apps like that get fake data, like an empty contact list or that the device doesn't have GPS present/turned on.
That's how cyanogen works, but Google will never do that. The howtogeek.com link that someone else here posted confirms this - apps will just fail and you'll be stuck restoring the permission.
Well, you'll restore the permission if you want to use that app, but if you disable microphone permissions and the app breaks for no reason, do you really want to keep using that app?
Exactly. An app like Netflix couldn't get away with that; if it started breaking, people would contact Netflix support, and if the answer was "turn on the microphone", people would demand a reason why it needs to have access all the time.
I completely agree with you that we shouldn't be using applications that demand more permissions than are obviously needed, but...

...the top 10 flashlight apps in the Play store require network access, camera access, address book access, etc. I can't believe that there would be any great complaint among the majority of android users if Netflix asked for microphone access. And that's exactly why we need the ios-style permissions that google is finally bringing to android.

If you mean flashlight apps that use the flash LEDs, that explains why they need camera access. Address book is ridiculous, though.

As for people complaining: a few recent upgrades of Google applications asked for additional permissions without explanation, and the "reviews" of those got inundated with comments complaining and asking about those additional permissions until Google gave a satisfactory explanation (Chromecast support).

They should only need Camera access. Or, if they're built to the new Android 6.0 APIs, they can use setTorchMode which is even better.

http://developer.android.com/reference/android/hardware/came...

Granted, they're unnecessary now because flashlight on/off is in the pulldown.

There is still the nuisance that the camera is activated for the torch mode and the autofocus hardware is audible on some phones.
That's really more the fault of the phone manufacturer than of Android, though. Most likely, the camera firmware and binary blob driver aren't distinguishing the calls.
Facebook will likely be one of the worst offenders for this. That's why Google may need to enforce the new permission model as soon as Android 7.0.
Facebook already updated their app.
Yeah, coarse-grained permissions are complicated

Sometimes they need it for only one feature. But in this case it could ask for permission for only a specific task, but since this functionality is not present (I think IOS allows on-demand permissions) it must be asked "for ever"

Having to call or chat support is the worst thing about Netflix support, most of the time I don't want to talk with someone on the phone about my problem and resolve it in realtime, I just want to send them an email, explain the issue, and then they can email me back in 24 hours.

I haven't tried their Chat support, but I assume it's like all of the other chat services where agents handle many customers at a time so it takes forever for each response back.

I tried their chat support, they were very outgoing, personable & solved my problem almost immediately. If they were helping other people at the same time, I certainly didn't notice.
The latest Netflix update on Android asks for microphone permissions, saying that in the future they'll offer a way to call Netflix support from within the app.

Seriously? Because that kind of overt lie would cross the line into outright evil.

"Call Netflix support?" Really? How stupid would someone have to be to buy that?

So can you prevent javascript in the browser from accessing android sensors without permission now?
Hmm I wonder if there is a way to test if netflix is using the technology. Maybe play the audio sound and check the processor usage or connect to the process and track the syscalls.
Windows 10 (desktop, tablet, mobile, all flavors) needs fine-grained permissions that can be granted and revoked in a similar manner. Even traditional desktop apps need to have similar sandboxing features.
But on Windows, stuff like the "Install->Next->Next->Next->Next->I agree->Next->Waaait for it->Next->Finish" dance has conditioned everyone but the security zealots to click "Yes" without even reading the dialog box. I've seen people with twitch-gamer like reflexes for accepting Windows prompts.
Just because you allow microphone access does it really mean they can listen to it without you being aware?
So a low-level low-pass filter would throw a nice wrench in this, right? I wouldn't really mind having most of my devices limited to 20Khz.
Depending on your age you could get away with a lot lower than that and not miss a thing.
(comment deleted)
How would you use a low-pass filter on a newer LED TV with HDMI?
It would have to sit between your source(s) and TV and decrypt/recrypt the audio in realtime -- which means it would need to support the various codecs in use today.

Would be easier to buy external speakers and wire it up with those.

If your tv is the thing generating the inaudible signals, it could still choose to play them using its internal speakers, and send just the 'real' audio to the external ones.
I think this requires more attention, across all media

Submit your comments to the FTC https://ftcpublic.commentworks.com/ftc/crossdeviceworkshop/

for more information about the upcoming event and to access comments: https://www.ftc.gov/news-events/events-calendar/2015/11/cros...

Invisible light should probably also be kept in mind, although probably not as problematic.
This, is beyond creepy straight out and out surveillance, and they need to piss right off.
Can someone get me a copy of the APK for https://play.google.com/store/apps/details?id=com.teleca.sam...? It's likely that this has the SilverPush SDK.
https://tusfiles.net/3d5ea3kw8nky

A very cursory look seems to indicate the microphone permission is used by Gracenote (https://developer.gracenote.com/) music recognition SDK.

Thanks - just for next time, tusfiles seems to use very shady advertisers and I happened to open it in Chrome for Android. I was redirected to another APK download!
Sorry about that. I've had problems with Dropbox removing APKs in the past. Tusfiles is very lenient with that sort of thing but clearly there's a downside I hadn't noticed (ad block was enabled).
No worries. If you've got some time, the SilverPush demo apps seem to be obfuscated and are out of my league.
Yeah I'm looking over it right now... I'll see what I can find out, if anything.
Damn, looks like I missed the mark on that one.

I was basing my assumptions on http://stackoverflow.com/questions/32432785/i-have-updated-a... which shows that the package we're looking for is com.silverpush.sdk.

The developer who asked that question works for the company who released that app.

The app description also says "Download MI Mobile and activate today, then just keep your phone with you throughout the day (including while you watch TV) with MI Mobile running in the background." which made me suspicious.

Below is just a little bit of relevant source from the demo app. As you can see it certainly appears to be listening for audio beacons. Now the interesting part would be to find an easy way to determine which other apps are using this.

    void a(String s1, String s2, String s3, String s4)
    {
        i();
        p.setVisibility(8);
        w.setVisibility(8);
        s.setVisibility(0);
        s2 = Uri.decode(Uri.encode(s2));
        if ("video".equals(s4.toLowerCase()))
        {
            s2 = new StringBuilder();
            s2.append(s3);
            t.loadDataWithBaseURL("file:///android_asset/", s2.toString(), "text/html", "utf-8", null);
            q.setText("Demo : Audio Beacon Detected");
            r.setText(s1);
            q.setText("Found a match !!");
            return;
        } else
        {
            StringBuilder stringbuilder = new StringBuilder();
            stringbuilder.append("<html><body style='margin:0;padding:0;background-color:black;'><a href='").append(s2).append("' ><img src='").append(s3).append("' height=250 style='margin:0 auto;display:block;' /></a></body></html>");
            t.loadDataWithBaseURL("file:///android_asset/", stringbuilder.toString(), "text/html", "utf-8", null);
            s3 = new StringBuilder();
            s3.append("<html><body style='margin:0;padding:0;background-color:black;'><a href='").append(s2).append("' ><img src='").append(s4).append("' height=50 style='margin:0 auto;display:block;' /></a></body></html>");
            u.loadDataWithBaseURL("file:///android_asset/", s3.toString(), "text/html", "utf-8", null);
            q.setText("Demo : Audio Beacon Detected");
            r.setText(s1);
            q.setText("Found a match !!");
            return;
        }
    }
The package name is obfuscated, correct?
I'm not sure what you're referring to. An aapt dump shows the package name as 'SilverPush Demo App' (version 1.0.3). It appears the same in the app drawer. If you mean the class files, then yes they are obfuscated. ProGuard (or something like it) was used to obfuscate the Java, but that is pretty par for the course.

It is connecting to a few servers:

  http://54.243.149.109:8040/register
  http://54.243.149.109:8086/receiver
  http://ad-x.co.uk/API/click/Hungind45789jo/am554ec53dd8d021/NET/aff_sub/SilverPush?subid=aff_sub2&ord=[random]
  http://mobext.com
  http://silverpush.com
So presumably these (along with other mobile ad networks) can be blocked via hosts file or MinMinGuard (Xposed). Not great, but probably a good course of action for now.
More like we can't scan APKs for particular API calls because it looks like a call to a.a.b.a() internally. I guess package name was the incorrect term to use.
Oh right, yes exactly... Though some of the "Anti-virus" apps are pretty good about identifying ad networks, so I suspect it's not a big problem to detect one way or another. Of course SilverPush could get pretty nefarious if they wanted to, but if that demo app is a proper exhibition of their products then I don't think we should be very afraid :)
This is really cool--it's essentially an audio QR code--and I think could improve the user experience across a number of apps.
Except with a QR code, I have to physically turn on my camera and point it to the QR code, i.e. I have to intend to process the QR code. Inaudible audio seems to be something that would not require user intention.
That's what I think is so cool about it -- half the issue with QR codes is that you have to open an app, point a camera at it, focus, and take a picture. With this technology, you don't have to do any of those things. Nor do you have to get on the same wifi, figure out how to bluetooth pair, or anything else like that.
So cool!

I can't wait until the phone can detect EEG frequencies to guess what I might be thinking so that it can then bombard me with ads about shit I didn't even know I wanted!

Bonus points for messaging all my friends on Facebook to let them know I just was thinking about kinky porn!

It sure would take all the work out of making decisions (like what I may or may not like) or having to deal with all the pesky extra money and friends I have now!

Surely OP didn't mean to celebrate being tracked by advertisers. Emotional reactions are understandable, but if you take a step back, the technology could be used in a very different way. The problem is not that it uses sounds which are difficult to hear. The problem is that it does this without user's consent.
Thank you, and yes I should clarify that I'm against that kind of espionage use. It's the technology itself that seems promising for other purposes.
@jimfenton recorded some audio from Cartoon Network in an attempt to find these beacons: http://altmode.org/2015/11/13/searching-for-ultrasonic-beaco...

FSK at 17.5 and 18.5 kHZ is one possibility, but wasn't detected in this experiment.

Awesome, thank you for posting with this! I was getting ready to fire up ffmpeg with my network TV tuner to begin searching for this. Now I know of one thing to look for.
To nit-pick: Anything under 20kHZ isn't ultrasonic. :) (Not that either you or the blog author called this high-frequency signalling "ultrasound", but it does appear to be what people are calling it. :/ )
But it seems to fall into the range used by those "mosquito" devices. Meaning it is on the edge of what most humans can hear at young age, and lost with age.
No doubt. It's still not ultrasonic. :)
(comment deleted)
If it's inaudible, that means I can't hear it, how am I supposed to 'beware' of the thing I can't perceive?
I am happy this was brought up. I have been approached by companies to add in "SDKs" of this sort. They usually offer to pay you per user. When you have scale, these companies while the app is open can scan for other media they need to link. I have witnessed iOS apps processing web ads, tv stations and radio ads. The freakiest was watching the software understand a tv show was playing, detect which show, then off a competing ad in the app.

It is quite amazing what a phone can absorb while sitting in a living room with a loud tv blaring (which is most of america).

See more: https://www.audiblemagic.com/ (Edit, you will see "Facebook" as one of their customers.....)

Please name and shame these companies. Thank you.
Facebook has a feature that allows to detect what you're watching or listening to when you post a status update. No secret or conspiracy there.
OK, but how do they present it? As a benefit to users? Or as a benefit to advertisers?
When you saw the iOS apps doing this, did they display the red "Recording" indicator bar at the top?
How is this possible if speakers usually have a working range of 20Hz-20KHz, and worse for microphones? It has to be audible
I really, really hope this is made illegal.

It borders on parody what level of dystopic thinking made this.

Even if this is a real threat vector, I imagine that in the time it would take to make this illegal and try and prosecute even one person, it will have been dealt with naturally by device manufacturers. Already this would be easy to defend against with any devices with properly granular permissioning. Meanwhile, anyone this far out on the bleeding edge of trying to track you will have a dozen other fingerprinting mechanisms rolled out by then and will have no problem dropping this ludicrous attack.

Legislation is rarely the right tool.

The legal framework is actually already mostly in place due to laws detailing the necessary consent to record a telephone conversation. So it might not take much to extend that concept to applications on a phone other than the actual phone app.
It would be hard to argue the wiretap laws apply to recording ultrasonic sounds extracting data from them. Honestly their isn't even the need for the device to store the audio, much less send it off the device.
Microphone access, especially if it's always-on to listen for the cue, is going to end up recording conversations, and those conversations will almost certainly involve people who are not the phone's owner and so could not have consented to having that phone record them.

(also there's the general problem of devices "helpfully" listening all the time for magic phrases like "Hey Siri" or "OK Google")

Having microphone access dosent equal illegal wiretapping, sure it might be a prerequisite. Yet you need to prove more than that the app could illegaly wiretap you if the developer wanted to do that to use the law to go after these apps
People are so paronoid these days. Our Internet of Things ganging up to control us!
normally i'd say that it's not really paranoid if they're really out to get you...

but the attack vector described here. It requires too many devices actively compromised for any usable data to be gleaned. Manufacturers are somewhat sensitive to users demanding to control their devices peripherals. Microphones, webcams, cameras, speakers. It's not perfect, but there's enough moving parts here to make this kind of tracking seem bonkers.

For it to work, the person they have target will have blindly agreed to so many things that they have all the information they want on them anyway.

"blindly agreed to so many things"

you mean one permission prompt, on one app they may have downloaded years ago?

everything else is just the advertisers including high-frequency beacons in their ad spots—it doesn't require any knowledge or cooperation of any of the intermediary steps.