Over 200 applications on the Google Play store contain software which uses inaudible sounds from TV commercials to obtain data about the end user. The developer, Silverpush, abandoned and denounced the intrusive software a year ago, but are unable to stop application developers from using their open-source toolkit.
— Anonymous (@AnonyOps) May 9, 2017
A study by the German university Technische Universitat Braunschweig found that 234 applications make use of the privacy-threatening software.
The apps covertly listen for ultrasonic sounds that marketers use as high-tech beacons to indicate when a phone user is viewing a TV commercial or other type of targeted audio. The data is often used to track shoppers’ movements and display ads that are most relevant to their interests or demographic on screens that are closest to them.
They can track location to a much higher degree of accuracy than using cell tower multilaterization, which United States police forces use to track criminals.
Crucially, none of the applications disclose their tracking capabilities in their privacy policies. This violates the stance of Google, who demand that every application on its Google Play store must disclose ‘how an app collects, uses and shares user data, including the types of parties with whom it’s shared’.
SilverPush CEO Hitesh Chawla was not aware that his own creation is currently being used by multiple applications. He told technology blog Ars Technica:
“We respect consumer privacy and would not want to build our business foundation where the privacy is questionable. Even when we were live, our SDK was not present in more than 10 to 12 apps. So there is no chance that our presence in 234 apps is possible. Every time a new handset gets activated with our SDK, we get a ping on our server. We have not received any activation for six months now.”
Leak of Nations | SilverPush surveillance software