Over 200 Android Apps Are Currently Using Ultrasonic Beacons To Track Users (bleepingcomputer.com)
Catalin Cimpanu, writing for BleepingComputer: A team of researchers from the Brunswick Technical University in Germany has discovered an alarming number of Android apps (234, to be exact) that employ ultrasonic tracking beacons to track users and their nearby environment. Their research paper focused on the technology of ultrasound cross-device tracking (uXDT) that became very popular in the last three years. uXDT is the practice of advertisers hiding ultrasounds in their ads. When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y" and links their two previous advertising profiles together, creating a broader picture of the user's interests, device portfolio, home, and even family members.
Oy, how to block this? (Score:3)
I already have a firewall and Hosts file on my phone to inhibit stuff talking to the world that I don't choose, but certain things I want to have 'net data access...
Obviously Android permissions are only so fine-grained and more and more users (particularly of younger generations) accept any of them.
A piece of tape over a webcam is one thing, but to disable a mic, not so easy to open things up nowadays to cut a wire!
Re:Oy, how to block this? (Score:5, Interesting)
Just open up your phone and unplug the microphone. No-one uses those things to make calls any more anyway.
I remember a few years back someone modded a flip phone with a magnetic switch so that when it was closed the mic was physically disabled. This was around the time that details of MI5/NSA malware that could turn the mic on were coming out. If someone made a phone with a physical slider that disabled the mic and camera, or even just a magnetic switch and a flip open cover with a magnet in it, I'd buy that.
Also, phone mics should have a hardware low pass filter that cuts off stuff above the human hearing range. In fact I'm surprised that they don't... Android could block it with a bit of software filtering too, or just deny the app permission to use the microphone.
Re:Oy, how to block this? (Score:5, Interesting)
1a) Hardware switches need to come back into fashion. CUT THE WIRES. Since physical switches have an irritating habit of failing, they need to be easily replaceable, so they need to plug in and touch contact points, not be soldered in.
1b) These switches should exist for power and every corruptible/interceptable I/O path. If a light sensor senses, an LED blinks, a mic listens, or tone is generated, there should be a physical, circuit-interrupting switch to kill the related hardware. If there isn't, your device isn't as secure as it could be.
2) The OS should fake permissions for apps, since so many refuse to run without access they don't actually require. Instead of 'yes/no' when access is requested, we need the options 'yes', 'no', and 'fake it'. Anybody who demands location, camera, mic, contact, and file access to run their app that needs none of that should not be respected enough that you have to go with 'just do not install'. They're immoral, you be immoral right back.
Re: (Score:3)
>'yes', 'no', and 'fake it'.
This is pure evil genius.
Re:Oy, how to block this? (Score:5, Funny)
>'yes', 'no', and 'fake it'.
>This is pure evil genius.
Pretty sure it's also the foundation of some marriages...
Re: (Score:2)
>'yes', 'no', and 'fake it'.
Sounds like my first wife's operating system.
Re:Oy, how to block this? (Score:5, Informative)
XPrivacy used to do exactly this on Android. An app wanting a GPS location? Here is one. Contact info? Here is a randomly generated list. Ad IDs? Pick a 128 bit number.
Re: (Score:2)
Nice. Sadly, my company uses iPhones and the iOS alternative only works on jailbroken devices.
Re:Oy, how to block this? (Score:5, Funny)
>1a) Hardware switches need to come back into fashion. CUT THE WIRES. Since physical switches have an irritating habit of failing, they need to be easily replaceable, so they need to plug in and touch contact points, not be soldered in.
But then you would have to increase the thickness of the phone by 0.5mm, and that would be a FUCKING DISASTER.
Re: (Score:2)
Even worse, that will increase the BOM by 10 cents.
Re: (Score:3)
Yes, there are apps that can change permissions of other apps, but you need to be root (my current phone doesn't currently have a root crack), and it's way too cumbersome to run
Re: (Score:2)
I would love a software filter to take that high pitched bad mic whine out of old tv shows but I've never found one.
It doesn't bother most people because most people can't hear it, which is why they didn't fix the mic at the time.
Re: (Score:2)
I use Virtual Dub and some scripting to fix that.
Re: (Score:2)
Why not just a low-pass filter?
Re: (Score:2)
Void its warranty? What if we need the mic to talk to it like phone calls?
Re: (Score:2)
See OnePlus 3(t) slider, which is three position for alerts, but similar to what you are asking for. As in "Doable".
What I would like is a programmable slider, one that I could make it disable mic or camera.
Re:Oy, how to block this? (Score:5, Insightful)
>See OnePlus 3(t) slider, which is three position for alerts, but similar to what you are asking for. As in "Doable".
>What I would like is a programmable slider, one that I could make it disable mic or camera.
But if it's done in software it can be undone in software. I don't know any code that can bridge a physical gap in a circuit... a micro reed switch and a magnet on a flip phone or a slide on a smart phone... but it HAS to break the circuit(s) in question. Maybe a switch with micro jumpers to configure paths...
Re:Oy, how to block this? (Score:4, Informative)
There is this thing called age-related hearing loss. By the time they're in their 30s and 40s, most people will be lucky to hear 15 KHz. It is not uncommon to have healthy adults who are unable to hear above 10K-12K.
Do you care to adjust your opinion in light of reality? Because you can google this if you don't want to take my word for it. Age-related hearing loss, aka presbyacusis, is very much an established fact.
Re: (Score:2)
As I have no mod points:
INSIGHTFUL
Actually the first comment I'd mod up in the entire conversation up here
Captain Obvious here... (Score:2, Insightful)
But is there a list of these known apps?
Re: (Score:2)
"Can a cell phone's speaker reproduce sounds over 20khz?"
It doesn't have to, it only 'listens' what you hear.
It just spies on you, there's no other term to describe it.
Which Apps??? (Score:5, Insightful)
Re: (Score:3)
If I understand it correctly: any app that shows ads is a potential beacon. Not just the 200 or so that record the sounds, it's the ads that emit the sounds. As long as you use an app with ads (like most apps have), and are near someone with one such listening apps on their device, you may be tracked ultrasonically.
Re:Which Apps??? (Score:5, Insightful)
Trying to avoid a "lawsuit" by not naming them. I'm all for Name n Shame, but the lawyers will sue when the vendor's stupid app was named and they claim it didn't (even when it did) and they lost "Millions in revenue" (previous 8 months they did $50).
Sad world we live in, where the lawyers fuck everything up protecting the guilty.
Re: (Score:2)
so anon name and shame then.
They need to publish that list, as I would uninstall any app that did this.
Re: (Score:2)
They have enough of an API, you could just about write an open source client for it. That might reduce how much info is exfiltrated.
Re: (Score:2)
Update - Apparently that's been done, but it didn't work very well due to imposed limitations on the API:
https://play.google.com/store/... [google.com]
1 known name (Score:2)
At least Spotify clearly states when it uses ultra-sounds to identify which device is connected to which speaker within which range.
Re: (Score:2)
As I have no mod points I say:
INFORMATIVE
It's more sinister than that (Score:5, Interesting)
>When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y"
Imagine you're on your phone and browsing the web. You load one of those ads, and your phone now broadcasts your advertiser-assigned unique ID via ultrasound. OK. Who says it has to be another device YOU own that picks it up?
How difficult would it be to drop listening devices in high traffic areas that listen for those tones, sending location information back to whoever? And that's just to augment other devices that might be infected with a listen-and-report app.
This isn't an advertising tool, it's a ubiquitous surveillance tool for three-letter-agencies that advertisers have discovered. That is, of course, assuming it actually works outside a lab and isn't just an untested fantasy the ad types latched onto.
Anyway, IF phones can both transmit and detect ultrasonic tones (which I question), it's only a matter of time until someone produces a 'secure' phone that has physical filters in line with the speaker and mic wires to filter out anything outside the range of human hearing.
New app needed. (Score:5, Interesting)
Re: (Score:2)
Alternatively an app that can detect this.
Re:New app needed. (Score:4, Interesting)
>Wanted: an app that broadcasts ALL these signals, making them think you've got every product already, so they won't waste their time trying to sell you anything.
Since to be useful the sound must be unique to the user (in order to be matched to you by the receiving device), you'd need to know their algorithm for generating the sounds. It's probably a hash of some unique device ID available to applications, and not terribly difficult to figure out, but it's not as simple as 'broadcast it all!'
>Or just pollute their data to the point it's useless
An ultrasonic static generator would be more practical. Drown out any signals you haven't noticed and silenced with noise. You might piss off your dog, though.
Re: (Score:2)
You're assuming they care about you. They don't. If they're missing one out of their hundred million data points, they won't even give a collective shrug.
You would need to convince a significant number of people to install whatever blocking/polluting app for it to have any effect at all. If anything, being the one polluter in your region would make you stand out just as much as your ID would.
Not to mention humans aren't the only ears around. Dumping advertising signal into the ultrasonic is questionable
Re: (Score:2)
Just to avoid being added as a single row in a database so large that you aren't even a rounding error.
Those rounding errors add up. See "Office Space [imdb.com]." That's what got them into the mess in the first place.
Peter spends the next several days hanging with Joanna and fishing with Lawrence. He shows up back at Initech at the request of the Bobs to find out that not only is he getting a promotion, people reporting to him, a raise and stock options, but that among others both Samir and Michael Bolton are being fired. He meets with his friends that night and asks Michael Bolton if the virus he's always talking about will really work. Michael explains that the virus will take the fractions of a penny that remain on every bank transaction and deposit them into an account. The theft will be so gradual that it will take years before it's even noticed. The three friends agree that it's a foolproof scam, and decide to put it in motion the following day before Samir and Michael are let go for good. They also agree not to tell anyone else, even though Lawrence has heard all the details of the plan through the apartment wall. Peter assures Samir and Michael that "he's cool."
The next morning Peter checks the balance in the illicit penny-pinching scam account and finds it is a shocking $305,326.13! The three friends meet, and Michael chalks the glitch up to a mundane detail that he's possibly overlooked.
Re: (Score:2)
That's definitely better for not spamming the ultrasonic frequencies and annoying dogs everywhere, but this:
>If enough people
is still a massive flaw in your design.
Re:It's more sinister than that (Score:5, Funny)
"Hey there, Jim. Looks like you're in the market for a new TV. This Samsung 65" 4K model would look perfect from any point in your 10' by 20' living room. If you're not sure, just go ask Bob next door. He bought one last week and the whole family has been enjoying its crystal clear display. You can even control it from your iPhone 6 Plus, but the experience is much better with a new Samsung phone. Have you considered upgrading that? Don't worry, your MacBook Air will still connect to any new Samsung phone or television. What do you say Jimbo? Oh, you're more interested in the 50" models? You wouldn't be getting quite the same experience, but... Oh no, Jimmy, you don't want one of those Vizios, just slide on back to the Samsungs. Jimboree? Jim-jam? James? Come back here before I tell your wife where you were last Thursday night."
Re: (Score:2)
>When the ad plays on a TV or radio, or some ad code runs on a mobile or computer, it emits ultrasounds that are picked up by the microphone of nearby laptops, desktops, tablets or smartphones. SDKs embedded in apps installed on those devices relay the beacon back to the online advertiser, who then knows that the user of TV "x" is also the owner of smartphone "Y"
>Imagine you're on your phone and browsing the web. You load one of those ads, and your phone now broadcasts your advertiser-assigned unique ID via ultrasound. OK. Who says it has to be another device YOU own that picks it up?
>How difficult would it be to drop listening devices in high traffic areas that listen for those tones, sending location information back to whoever? And that's just to augment other devices that might be infected with a listen-and-report app.
>This isn't an advertising tool, it's a ubiquitous surveillance tool for three-letter-agencies that advertisers have discovered. That is, of course, assuming it actually works outside a lab and isn't just an untested fantasy the ad types latched onto.
>Anyway, IF phones can both transmit and detect ultrasonic tones (which I question), it's only a matter of time until someone produces a 'secure' phone that has physical filters in line with the speaker and mic wires to filter out anything outside the range of human hearing.
Your phone definitely already does this if you visit the right websites. I have seen several big name URLs play ads (don't ask me the URLs cause I forget them, but they're mostly news related) that cause the music I am listening to to pause and for some embedded audioclip to play in that website. Drives me freaking nuts!
Re: (Score:2)
>How difficult would it be to drop listening devices in high traffic areas that listen for those tones, sending location information back to whoever? And that's just to augment other devices that might be infected with a listen-and-report app.
Pretty hard actually. Ultrasounds have short range and noisy area with plenty of moving obstacles isn't the best place to put such a system.
And smartphones have some form of filtering out of inaudible frequencies. Ultrasounds are considered useless, so why waste energy amplifying these signals. And why waste bitrate transmitting them digitally. Speakers working in the human hearing range don't like them either, it's like feeding the treble to a subwoofer.
Re: (Score:3)
Who cares? And you've eliminated the Chinese, Russians, Israelis, and basically every competent intelligence agency in the world in your quest for assigning partisan blame domestically.
Re: (Score:2)
>Stenography would seem more viable.
Steganography would be a lot more useful here.
Re: (Score:2)
Steganography does not work.
Any method can be destroyed by itself.
Re: (Score:2)
Someone didn't read the thread they were replying to. GP post I was replying to said "stenography"
Re: (Score:3)
Nyquist theorem. If your phone's DAC is operating at 44.1KHz, you can't reliably reproduce any sound frequencies above 22KHz.
Re: (Score:2)
The headline called it ultrasonic. 18.5KHz is not that.
Re: (Score:2)
Still a misleading headline. Most microphone/speaker response curves cut off sharply after about 20KHz, regardless of what the DAC can handle. You may not be able to produce/detect at the needed volume. This is probably why their upper end cuts off there - and it will probably continue to not be ultrasonic.
Re: (Score:2)
That feature has to operate in the ultrasound range, as any audible sound may be disruptive to one's
Re: (Score:2)
>Nyquist theorem. If your phone's DAC is operating at 44.1KHz, you can't reliably reproduce any sound frequencies above 22KHz.
Operating at 44.1kHz means that the DAC cannot reproduce more than 22kHz of bandwidth but that bandwidth could be anywhere. Bandpass filtering the output to produce 22kHz to 44kHz would be no problem. Subsampling IF radios work this way and so does my sampling oscilloscope.
Re: (Score:2)
If you're piggybacking on existing systems that use audio in human hearing range, none of that is relevant.
Research paper for this. (Score:5, Informative)
Cited research paper:
http://christian.wressnegger.i... [wressnegger.info]
Found via the reddit thread on the same topic. It names a few of the apps, primarily using the SilverPush library.
For real? (Score:2)
This sounds just a hair too far 'out there', still that is ugly.
The assumption (other devices are owned by you) would be false under many circumstances, so this tech, if it actually exists, would be near to useless for that purpose. There are devices owned by other people in your home, your office, and the coffee shop you go to regularly. Of course you might be able to make smart assumptions about a lot of this, but the article's 'other devices in your home' is obviously not a simple use case for such a th
the apps/developers (Score:5, Informative)
According to the article, offending apps seem to be mostly from India and the Philippines. They list 5 "representative apps" with developers:
| Application Name | Developer | Version | Downloads |
|---|---|---|---|
| 100000+ SMS Messages | Moziberg | 2.4 | 1,000,000 – 5,000,000 |
| McDo Philippines | Golden Arches Dev. Corp. | 1.4.27 | 100,000 – 500,000 |
| Krispy Kreme Philippines | Mobext | 1.9 | 100,000 – 500,000 |
| Pinoy Henyo | Jayson Tamayo | 4.0 | 1,000,000 – 5,000,000 |
| Civil Service Reviewer Free | Jayson Tamayo | 1.1 | 50,000 – 100,000 |

TABLE 2: Third-party applications with SilverPush functionality
Re: (Score:3, Informative)
Xaxis, who is owned by WPP (one of the largest marketing agencies on the planet) has been selling this service for a few years: https://www.xaxis.com/products/view/xaxis-sync
iPhone also? (Score:5, Interesting)
I'm pretty sure Pandora does this on iPhone also. Last week I was on an artist's site and listening to Pandora on my phone. All of a sudden a song by that artist was played on a channel that was completely unrelated to that type of music. Kind of odd I thought, as I've had this happen before simply by talking to a friend about a song, and the very next song is the one we had talked about. Or maybe I'm just crazy.
Re: (Score:3)
>a channel that was completely unrelated to that type of music
This is too often my experience with Pandora.
Re: (Score:3)
Pandora did ask for access to my microphone when I installed it. Not seeing any legitimate need for that, I denied it, but you may be on to something.
very accurate (Score:2)
my neighbours, three walls and three windows away, the contractor finishing my basement, the televisions in the sports bar. I'm not a hobbit on a mountain-top, I interact with people most of most days, and often never again.
Not such a big issue on Android 6+ (Score:3)
The app permission system makes this a minor issue on Android 6+, just deny any app mic permission if it doesn't have a legitimate need to access the mic. I do wish Android app permissions were more granular at the UI layer like they are in the API (and like they were on Blackberries) but I realize that if you swamp the average user with too much information they'll just run away and not use the features, perhaps give granular control if you've enabled developer mode?
Re: (Score:2)
Enabling Mic access is one thing - enabling it on a background task is something else entirely - there's still not enough granularity.
Battery Life (Score:2)
My phone was so slow and the battery went dead so fast, I just did a factory reset on my phone a week ago. It's faster than ever. It's hard to tell which app was at fault, but something was sucking down some serious resources. I'm only reinstalling the necessary apps, and so far I've avoided any "shopping" or food rewards app.
Google should really shut down background apps and make them more transparent when they do exist.
Lots of effort (Score:2)
stop it! (Score:2)
Re: (Score:2)
Probably because you agreed to it by accepting the terms of service you didn't read.
Re: (Score:2)
please provide link to any terms of service from broadly used wares that allow this
Muted Phone (Score:2)
Unless I'm listening to music, I have the volume on my phone for media turned off. (I love "watching ads to get free stuff" in games. Launch ad, put the phone down, come back after 20-30 seconds of silence, and claim my free stuff.) If I'm right, would this prevent these ads from broadcasting?
Re: (Score:3)
Or pets suddenly attacking their masters when they turn their TV on, when they use their phone, etc.
Re:That ringing in my ears (Score:5, Interesting)
If you recently upgraded your TV, that could be why. Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low. Modern TVs with higher refresh rates and resolution make it much easier for dogs to perceive it as real, and so they're paying more attention to TV on the whole. There's even a new TV channel FOR dogs.
http://www.foxnews.com/science... [foxnews.com]
much more complicated (Score:4, Interesting)
>Seems that dogs couldn't really perceive motion on older TVs because the framerate and resolution were too low.
Carnivore (predator) pets like dogs and cats tend to be much more sensitive to motion.
They will *perceive* motion on TV, it will just look more choppy and flickering to them.
Just like humans were able to perceive motion in the silent film era's 12-16fps, in half-rate/dupe-frame 12-15fps animation, or in "shitty low"-fps GIFs.
It looks a lot more choppy than 24/30fps or even 48/60fps.
Or just like humans *can* see the flicker of a 60Hz CRT monitor when it is looked at in the periphery of the view (i.e.: where there are more rods - sensors with faster response that are also responsible for the pets' better motion sensitivity).
I had my cats recognize and react to things on my old 50Hz CRT, even if *I* could notice the flickering.
Re: (Score:2)
I would assume prey would be more sensitive. I'd rather miss a meal than be a meal.
Re: (Score:2)
http://www.foxnews.com/science
My brain just melted. Or does Fox mean "alternative science"?
Re: (Score:2)
Sorry to say, but the old-folks, no matter how many generations back you go were just as lazy and indifferent about this stuff as we are now.
Now it's terrorists, then it was Communists, Nazis, the British, the Romans, you name it, everyone was willing to gloss over an awful lot.
Re: (Score:2)
>Sorry to say, but the old-folks, no matter how many generations back you go were just as lazy and indifferent about this stuff as we are now.
This is correct; it is once you stop being willing to take it up the ass from everyone who expects you to do so that you become one of the "old folks" yourself. I've been one for over a decade now and I'm only 35.
Re: (Score:3)
If they are actually using ultrasonic audio frequencies it won't work with analog FM stereo transmissions. The stereo pilot is 19 KHz so the audio output of the receiver cuts off above 18 KHz. On AM radio transmissions the audio bandwidth is restricted to around 5 KHz. For digital transmissions (TV, HD FM, etc) I suspect the audio is also bandwidth limited.
FTFA noted by mystik above, they use modulated 18-20K tones. It appears that the phone mics, software and transmission lines can handle these frequencies well enough to encode a small amount of information.
A pulse beacon, if you will.
Re:I call bullshit (Score:4, Informative)
Yep, it occurred to a number of people. That's why they're using 18K or so as the frequency. Remember, there isn't a hard wall cutoff here, just a drop in response. If all you're trying to do is send a couple of bytes of information, you can be slow and sloppy.
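As an added illustration (not code from the paper, the article or any commenter): a sketch of the detection and software low-pass filtering ideas raised in the comments above, applied to the 18-20 kHz tone band mentioned there. The thresholds, the 16 kHz cutoff, the function names and the synthetic audio are all assumptions constructed for this example.

```python
import math
import random

RATE = 44100                      # sample rate in Hz (Nyquist limit 22050 Hz)
WINDOW = 4410                     # 100 ms analysis block -> 10 Hz bin spacing
BAND = range(18000, 20001, 100)   # near-ultrasonic band named in the thread
ABS_FLOOR = 1e-6                  # assumed: ignore tones quieter than about -60 dBFS
PEAK_RATIO = 100.0                # assumed: peak must sit 20 dB above the band median


def tone_power(samples, freq):
    """Power of one frequency in a Hann-windowed block (Goertzel recurrence)."""
    n = len(samples)
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / RATE)
    s1 = s2 = 0.0
    for i, x in enumerate(samples):
        hann = 0.5 - 0.5 * math.cos(2.0 * math.pi * i / n)
        s0 = x * hann + coeff * s1 - s2
        s2, s1 = s1, s0
    # Scaled so a pure tone of amplitude A reports A**2 (Hann coherent gain 0.5).
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n / 4.0) ** 2


def scan(samples):
    """Return (flagged, peak_freq, peak_power) for the 18-20 kHz band."""
    block = samples[:WINDOW]
    powers = {f: tone_power(block, f) for f in BAND}
    peak_freq = max(powers, key=powers.get)
    peak = powers[peak_freq]
    median = sorted(powers.values())[len(powers) // 2]
    # A narrow tone stands far above its neighbours; broadband noise does not.
    flagged = peak > ABS_FLOOR and peak > PEAK_RATIO * median
    return flagged, peak_freq, peak


def lowpass(samples, cutoff_hz=16000, taps=101):
    """Hamming-windowed sinc FIR low-pass; returns only fully filtered samples."""
    fc = cutoff_hz / RATE
    mid = (taps - 1) // 2
    kernel = []
    for k in range(taps):
        m = k - mid
        if m == 0:
            ideal = 2.0 * fc
        else:
            ideal = math.sin(2.0 * math.pi * fc * m) / (math.pi * m)
        hamming = 0.54 - 0.46 * math.cos(2.0 * math.pi * k / (taps - 1))
        kernel.append(ideal * hamming)
    return [sum(h * samples[i + j] for j, h in enumerate(kernel))
            for i in range(len(samples) - taps + 1)]


def make_audio(beacon_hz=None, seed=1):
    """Constructed sample: three audible tones plus faint noise, optionally
    with a quiet tone mixed in at beacon_hz."""
    rng = random.Random(seed)
    out = []
    for n in range(WINDOW + 100):   # extra samples feed the FIR filter
        t = n / RATE
        x = sum(0.25 * math.sin(2.0 * math.pi * f * t) for f in (300, 1200, 3400))
        x += rng.gauss(0.0, 0.005)
        if beacon_hz:
            x += 0.02 * math.sin(2.0 * math.pi * beacon_hz * t)
        out.append(x)
    return out


if __name__ == "__main__":
    clean = make_audio()
    tagged = make_audio(beacon_hz=18500)
    print("clean audio:   ", scan(clean))
    print("with 18.5 kHz: ", scan(tagged))
    print("after low-pass:", scan(lowpass(tagged)))
```

The absolute floor matters after filtering: the low-pass attenuates the tone and the surrounding noise together, so a ratio test alone would still see a peak that is far too quiet to carry data.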
Re: (Score:2)
Headline still says ultrasonic. Technically incorrect.
Re:I call ignorant poster (Score:2, Interesting)
Simply because the cutoff frequency is at 18Khz doesn't mean that a transducer completely stops working at that frequency. The cutoff frequency is the frequency where the response drops 3db below the more-or-less flat lower frequency response, depending on both the mechanics of the transducer and on any added electronic filtering. There will be detectable response far beyond the 15- or 18-khz cutoff frequency, both on the output and input sides of a transducer. And it's not as though the perfect fidelity
Re: (Score:3)
Tiny speakers are easier to drive at high frequencies because there's so little mass to drive. Also, your assessment is just plain wrong.
The iPhone 3GS and 4, for example [quora.com], are just as capable of pushing out a 20kHz signal as a 10kHz
Yet it works. (Score:2)
>Did anybody stop to consider the fact that speakers and microphones by-and-large are not capable of ultrasound frequencies? {...} It takes specially designed transducers to operate in the ultrasound range.
not optimized for ultra sound (like your car's parking range finder)
!=
impossible to even pick faint ultra sound.
You don't want to perfectly reproduce ultra-sound music for your dog.
You just want "morse-code" level of vague faint ultra sound.
>Tiny speakers like the ones in a smartphone are going to hit 18khz at BEST. It's probably closer to 15khz in reality. Even high-end studio monitors only reach 20-22khz.
Yup, speakers are mainly optimized for the human hearing range (mostly in the 10Hz to 15kHz range).
Yet it doesn't go silent at 15001Hz, just less efficient.
As stated in the article, they use 18kHz: at that frequency it's hard for humans to really notice, but speak
Re: (Score:2)
Lawyers.
Next question!
Re: (Score:2)
Why would the government want to ban its own surveillance program?
Re: (Score:2)
Depending on what it sounds like, that could be coil whine [wikipedia.org] from your Ethernet/WiFi when refreshing the page via AJAX.
Re:I think Facebook does it too (Score:4, Funny)
Switch to Ubuntu: every time you logout, your sound system will switch back to default settings that won't work, and you will only remember to reconfigure it when you actually want to hear something, and then you can spend 20 mins getting it working again, by which time the bug infested chirpy-chirpy-cheep-cheep app will probably have crashed anyway..
Re: (Score:2)
Did somebody say LUDDITE ?