There’s an interesting story out there about ads that play ultrasonic sounds that permit cross-device tracking. While this is being described as detecting devices that all belong to one user, it seems possible it would sometimes detect devices all belonging to the same family – a slightly different task but also one marketers are interested in solving. It likely depends on where and how frequently these linking ultrasonic sounds are emitted.
And, as I’ve seen others note and is alluded to late in this article, the SilverPush software development kit that is largely being credited for current implementations of this technique seems an awful lot like malware:
Use of ultrasonic sounds to track users has some resemblance to badBIOS, a piece of malware that a security researcher said used inaudible sounds to bridge air-gapped computers. No one has ever proven badBIOS exists, but the use of the high-frequency sounds to track users underscores the viability of the concept. Now that SilverPush and others are using the technology, it’s probably inevitable that it will remain in use in some form. But right now, there are no easy ways for average people to know if they’re being tracked by it and to opt out if they object.
Of course, this also reminds me of an article from a few weeks ago reviewing a study of 110 popular, free smartphone apps: User data plundering by Android and iOS apps is as rampant as you suspected. If you want to feel really helpless, consider the one piece of protective advice that article is able to suggest: “One thing app users can do to safeguard their personal information, the researchers suggest, is to supply false data when possible to app requests.” I wonder if paying for apps rather than choosing free alternatives would have any positive effect.