How could I block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?
My question is about the use of ultrasonic messages that are part of the modern advertising ecosystem and are also used by the Google Nearby Messages API.
When it comes to advertising, the type of ultrasonic messages that I am referring to are described in this Wired article titled "How to Block the Ultrasonic Signals You Didn't Know Were Tracking You", from 2016. The article says (emphasis added):
The technology, called ultrasonic cross-device tracking, embeds high-frequency tones that are inaudible to humans in advertisements, web pages, and even physical locations like retail stores. These ultrasound "beacons" emit their audio sequences with speakers, and almost any device microphone—like those accessed by an app on a smartphone or tablet—can detect the signal and start to put together a picture of what ads you've seen, what sites you've perused, and even where you've been.
The Wired article also mentions that:
Now that you're sufficiently concerned, the good news is that at the Black Hat Europe security conference on Thursday, a group based at University of California, Santa Barbara will present an Android patch and a Chrome extension that give consumers more control over the transmission and receipt of ultrasonic pitches on their devices.
Being that the article was from 2016, I looked at the Black Hat Europe conference from that year for more information about the Android patch. The presentation mentioned in the Wired article seems to be this one.
The presentation slides (available here) led me to the ubeacsec.org website where the researchers do have an android patch as mentioned in the Wired article. Alas that patch is a research prototype made for android-5.0.0_r3.
There is also this research paper from 2017, titled "Privacy Threats through Ultrasonic Side Channels on Mobile Devices". The authors of this paper found out for example that
- Advertising platforms such as Google's Universal Analytics and Facebook's Conversion Pixel provided services utilizing this technology. The researchers analyzed three commercial solutions: Shopkick, Lisnr and Silverpush.
- 234 Android applications analyzed by the researchers were constantly listening for ultrasonic beacons.
- Out of 35 stores visited in European cities, 4 were using ultrasonic beacons at the time of the research.
Anyway my interest is not just about blocking advertising trackers. Even though the marketing departments may be the largest consumer of this technology, it can be utilized in many other ways as well.
One alternative example use was provided in the 2016 Black Hat presentation above: to de-anonymize users who visit a "honeypot" website on the Tor network.
And this issue is related to another technology, namely the Google Nearby Messages API. The overview document written by Google about this technology (here) says that (emphasis added):
The Nearby Messages API is a publish-subscribe API that lets you pass small binary payloads between internet-connected Android and iOS devices. The devices don't have to be on the same network, but they do have to be connected to the Internet.
Nearby uses a combination of Bluetooth, Bluetooth Low Energy, Wi-Fi and near-ultrasonic audio to communicate a unique-in-time pairing code between devices.
The concerns about the Nearby Messages API are:
- Its ability to pass small binary payloads, i.e. presumably executable code.
- That while it is easy to disable Bluetooth and WiFi on a smart phone, it is not so easy to disable the microphone.
On whether Nearby API requires Bluetooth for operations:
The documentation for NearbyMessages on CocoaPods (for Apple devices) says, here:
By default, both mediums (audio and Bluetooth) will be used to discover nearby devices, and both mediums will broadcast and scan.
[...]
In some cases, your app may need to use only one of the mediums, and it may not need to do both broadcasting and scanning on that medium.
For instance, an app that is designed to connect to a set-top box that's broadcasting on audio only needs to scan on audio to discover it.
So as is explained in above text the API can use solely ultrasound if needed. Also being that the API seems to be included in Android as a standard feature (in the com.google.android.gms.nearby package) it should not require a specific app listening to the messages. This is also indicated by the answer here.
Question:
Are there ways to block or at least detect the use of ultrasonic side channels or Google Nearby Messages API on my smartphone?
(Update: With this question I mean not merely how to detect such use by apps that I could install, but also by Google's own user-tracking/advertising processes that may be running out-of-the-box.)
