New research has discovered the rapid spread among Android apps of a recent form of ad tracking that monitors what users are listening to using hidden audio signals.

The ad tracking system, known as ultrasound cross-device tracking, or uXDT for short, involves advertisers embedding high-frequency ultrasound tones known as “beacons” into audio to allow them to detect the signal. This reveals information about an ad a user has watched across multiple devices, including smartphones, tablets, TV’s, PC’s or any device connected to the Internet.

Worse, in terms of privacy, the beacons do not stop at ad detection but also allow advertisers to determine the type of device a user owns. For example, they can determine that a user of a TV is also the owner of a smartphone, allowing them to compile data on information such as a user’s interests, what sort of devices they own and how many people live in a given location. Potentially that could enable them to deliver a more unified and tailored advertising experience.

Researchers at the Brunswick Technical University in Germany have found that uXDT is becoming more widespread in Android apps. A study of 1.3 million Android apps found that 234 Android apps now contain ultrasonic tracking, up from 39 in December 2015 and only nine in April 2015.

In addition, the study found that the use of uXDT wasn’t restricted to apps alone. Four of 35 physical stores checked in the European Union were found to be broadcasting messages and advertising that contained uXDT beacons, meaning that in effect any person walking into the store could be being spied on without their knowledge.

On a positive note, the same research failed to find any smart television sets that are currently using the technology, but that could change in the future.

Although the idea of being spied on by the use of inaudible beacons certainly sounds scary, some argue that ultrasonic tracking isn’t as dangerous as it could be for user privacy. Tom’s Hardware claimed Thursday that users still have to open the apps that contain the listening code for the tracking to work.

Users “also need to accept the RECORD_AUDIO permission in the apps that use ultrasonic tracking code,” the sites added. “However, many users don’t typically pay attention to which permissions they allow when they install an app, or they may believe other important features within the app require the audio recording permission to be enabled.”

Image: mstable/Flickr