PilferShush listens for ultra-high frequencies, like the ones utilized by ultrasonic trackers such as SilverPush, Alphonso, Lisnr, Shopkick, Signal360, and Fidzup. These signals are transmitted for purposes such as location tracking and consumer advertising, as demonstrated in this video. Ultrasonic frequencies can be emitted from devices as small and covert as Internet-of-Things lightbulbs, as demonstrated here. More often, however, signals are broadcast over retail speakers and bluetooth beacons.
If an app on your phone has recording permissions, it may be using the microphone to detect these tones (inaudible to the human ear) and discover information about who you are, where you are, who and what you're near, and what you're doing at any specific moment. Though SilverPush garnered international attention and warnings from the U.S. Federal Trade Commission in 2016, apps that utilize ultrasonic tracking are still prevalant. In December 2017, a New York Times article revealed that Alphonso was tracking children through the interaction of televisions with kid's games.
PilferShush app also includes background scanners for intermittent polling of microphone use (triggers exceptions via AUDIO_FOCUS, etc), scanning user apps for known package names used by audio beacon SDKs as well as RECORD_AUDIO, BOOT, receivers and services.
- Updated Android Studio build/release
- minimum API 18 (4.3)
- target API 23 (6.x)
- compiled API 26 (8.x)
testing devices
- LOW : s4 I9195 (deprecated) 4.3.1 (18)(CyanogenMod 10.2, F-Droid)
- DEV : s5 G900I (tainted) 7.1.2 (25)(LineageOS 14.1, GApps)
- HIGH : s5 G900P (user) 7.1.2 (25)(LineageOS 14.1, F-Droid)
- USB Audio routing test
- build for API 26, 8.x, 'O' and up features
The Critical Engineering Manifesto provides the methodological framework for all technological interactions.
Yale Privacy Lab explores the connection between privacy, security, and anonymity through hands-on software and hardware implementation. Yale Privacy Lab is an initiative of the Information Society Project at Yale Law School.
Kaputnik Go received 1st Class Honours from RMIT University (Melbourne, Australia) with a research thesis titled: "Knowing and Not Knowing: The Problem of Privacy in an Internet-of-Things World."
Copyright Kaputnik Go, released under the GNU General Public License version 3 or later.
Screenshots (as of 2.0.26)
- App open
- Detailed View
- Capture live
- Post capture
- Option menu
