Privacy Tools Guide

Ultrasonic beacon tracking represents one of the most insidious tracking techniques deployed by modern smart devices. While most users are aware that their phones and tablets can be tracked through GPS, WiFi, and Bluetooth, fewer people realize that inaudible sound waves in the 18-22kHz range can serve as a hidden communication channel between devices—and between devices and nearby receivers. This technique operates completely below human hearing threshold, making it nearly impossible to detect without specialized tools.

Understanding Ultrasonic Beacons

Ultrasonic beacons are high-frequency sound signals that devices emit and receive using their built-in microphones and speakers. The human ear typically perceives sounds between 20Hz and 20kHz, with sensitivity declining significantly above 16kHz. By operating in the 18-22kHz range, these beacons remain inaudible to most adults while still being detectable by device hardware.

The technology originated from legitimate use cases. Retail environments initially adopted ultrasonic signals to enable proximity-based features—for example, a phone detecting when it approaches a specific display. However, the same technology has been weaponized for cross-device tracking without user knowledge or consent.

How Cross-Device Tracking Works

The mechanism relies on embedding unique identifiers within ultrasonic audio signals. When a device with the appropriate software runs in the background, it can:

  1. Emit beacons: The device’s speaker transmits a unique identifier encoded as an ultrasonic signal
  2. Receive beacons: The microphone listens for nearby ultrasonic signals from other devices
  3. Correlate data: Analytics systems associate these signals with user profiles, building behavioral maps

This creates a covert tracking network where devices “see” each other through sound, even when no network connection exists. The tracking persists across sessions and can link multiple devices belonging to the same user.

// Example: Detecting ultrasonic beacons using Web Audio API
// This code demonstrates how a website could potentially detect
// ultrasonic signals in the environment

const SAMPLE_RATE = 44100;
const FFT_SIZE = 2048;

function detectUltrasonicActivity() {
  const audioContext = new AudioContext();
  const analyser = audioContext.createAnalyser();

  analyser.fftSize = FFT_SIZE;
  analyser.smoothingTimeConstant = 0.8;

  // Get microphone access
  navigator.mediaDevices.getUserMedia({ audio: true })
    .then(stream => {
      const source = audioContext.createMediaStreamSource(stream);
      source.connect(analyser);

      const frequencyData = new Uint8Array(analyser.frequencyBinCount);

      // Check for energy in ultrasonic frequencies (18-22kHz)
      // At 44.1kHz sample rate, bin 1765 = ~18kHz, bin 2156 = ~22kHz
      setInterval(() => {
        analyser.getByteFrequencyData(frequencyData);

        let ultrasonicEnergy = 0;
        for (let i = 1765; i < 2156; i++) {
          ultrasonicEnergy += frequencyData[i];
        }

        if (ultrasonicEnergy > 100) {
          console.log('Potential ultrasonic beacon detected');
        }
      }, 100);
    });
}

Real-World Applications and Privacy Concerns

Several categories of applications have been discovered using this tracking method:

Retail Analytics: Some in-store tracking systems use smartphone microphones to detect ultrasonic beacons from other devices, building heat maps of customer movement and dwell time.

Cross-Device Matching: Advertisers use ultrasonic signals to link devices that appear in proximity, building more complete user profiles by connecting desktop and mobile activity.

Smart TV Tracking: Certain smart TVs have been found to emit ultrasonic audio signals, potentially enabling tracking of viewing habits and household device graphs.

In-Store Purchase Confirmation: Some point-of-sale systems use ultrasonic signals to confirm when a mobile device (running a shopping app) is present at the checkout, linking online profiles with offline purchases.

Technical Implementation Details

The tracking works through several mechanisms:

Encoding Schemes: Beacons typically use frequency-shift keying or amplitude modulation within the ultrasonic range. The identifier is encoded as a series of tones that devices can decode.

Timing Patterns: Beacons often transmit in specific patterns—some continuous, others burst-based. Burst transmission reduces battery impact but makes detection more difficult.

Protocol Layers: Similar to network protocols, ultrasonic communication has defined layers for addressing, error correction, and data encapsulation.

# Python example: Basic ultrasonic beacon encoding
# Generates a simple ultrasonic beacon signal

import numpy as np
import wave

SAMPLE_RATE = 44100
BEACON_FREQUENCY = 18500  # 18.5kHz
DURATION = 0.1  # 100ms burst

def generate_beacon_signal(identifier: str) -> np.ndarray:
    """Generate an ultrasonic beacon containing an identifier."""
    # Convert identifier to bits
    bits = ''.join(format(ord(c), '08b') for c in identifier)

    # Generate carrier wave
    t = np.linspace(0, DURATION, int(SAMPLE_RATE * DURATION))
    carrier = np.sin(2 * np.pi * BEACON_FREQUENCY * t)

    # Apply simple on-off keying
    samples_per_bit = len(carrier) // len(bits)
    signal = np.zeros_like(carrier)

    for i, bit in enumerate(bits):
        if bit == '1':
            start = i * samples_per_bit
            end = start + samples_per_bit
            signal[start:end] = carrier[start:end]

    return signal

# Save as WAV for playback
signal = generate_beacon_signal("DEVICE123")
with wave.open('beacon.wav', 'w') as f:
    f.setnchannels(1)
    f.setsampwidth(2)
    f.setframerate(SAMPLE_RATE)
    f.writeframes((signal * 32767).astype(np.int16).tobytes())

Detection and Defense Strategies

For developers and security-conscious users, several approaches can help identify and block ultrasonic tracking:

Audio Context Monitoring: Browser extensions can monitor Web Audio API usage, alerting when websites or apps access the microphone for non-obvious purposes.

Ultrasonic Jamming: Some privacy tools emit background ultrasonic noise that interferes with beacon detection, though this approach has limited effectiveness and potential side effects.

Microphone Permission Review: Regularly auditing which applications have microphone access remains essential. Both iOS and Android provide granular permission controls that users should use.

Network Monitoring: Some tracking systems relay ultrasonic data through network connections. Monitoring network traffic can reveal suspicious communication patterns.

# Using SDR (Software Defined Radio) to detect ultrasonic signals
# This is a more advanced detection approach

# With an RTL-SDR dongle and ultrasonic microphone
rtl_fm -f 20000M:22000M:20000 -s 192k -g 20 -l 285 | \
  sox -t raw -r 192k -e signed-integer -b 16 - -t wav - | \
  ./ultrasonic_detector

Platform-Specific Mitigations

iOS: Users should review microphone permissions in Settings > Privacy & Security > Microphone. iOS 15 and later include indicators when apps actively use the microphone.

Android: Android 12+ provides a privacy dashboard showing recent microphone and camera access. Users can revoke unnecessary permissions or use permission manager to restrict background access.

Desktop: Browser extensions like Privacy Badger and uBlock Origin can block known trackers. For browsers, the Web Audio API can be restricted through extensions like AudioContext Defender.

What Developers Should Know

If you’re building privacy-respecting applications, avoid using ultrasonic channels for any tracking purpose. The lack of user consent makes this technique ethically problematic regardless of its technical feasibility. For legitimate proximity features, consider:

The technical capability to track users through ultrasonic beacons exists in most modern devices. Whether this capability gets used for benign purposes or covert surveillance depends entirely on the intentions of the application developers and the platforms that host them.

For users concerned about this threat vector, the best defense remains awareness and regular permission audits. The covert nature of ultrasonic tracking makes it particularly dangerous—it operates completely invisible to normal use while still exposing behavioral data to parties who never asked for consent.

Detection Methods

Beyond Web Audio API detection, several approaches can identify ultrasonic activity:

Software Defined Radio (SDR) Detection

Specialized radio hardware can detect ultrasonic signals:

# Using RTLSDR dongle to monitor ultrasonic frequencies
# Requires: RTL-SDR dongle (~$25), antenna, software

# Install RTL-SDR tools
sudo apt install rtl-sdr sox

# Monitor frequencies around 18-22kHz
rtl_fm -f 20M:22M:20k -s 192k -g 50 | \
  sox -t raw -r 192k -e signed-integer -b 16 - -t wav output.wav

# Analyze for patterns
# Presence of consistent tones = potential ultrasonic beacon

# Use Audacity or Sonic Visualiser for spectral analysis
# Look for spikes in 18-22kHz range

Frequency Analysis Tools

#!/usr/bin/env python3
"""Analyze audio files for ultrasonic beacon presence"""

import numpy as np
from scipy import signal
from scipy.io import wavfile

def detect_ultrasonic_patterns(audio_file):
    """Detect patterns in ultrasonic range"""

    sample_rate, audio_data = wavfile.read(audio_file)

    # Compute spectrogram (time-frequency representation)
    frequencies, times, spectrogram = signal.spectrogram(
        audio_data,
        fs=sample_rate,
        nperseg=1024
    )

    # Look for energy in ultrasonic range (18-22kHz)
    ultrasonic_mask = (frequencies >= 18000) & (frequencies <= 22000)
    ultrasonic_energy = spectrogram[ultrasonic_mask, :].sum(axis=0)

    # Detect peaks (potential beacon transmissions)
    peaks, properties = signal.find_peaks(
        ultrasonic_energy,
        height=np.mean(ultrasonic_energy) * 2,  # 2x average
        distance=1000  # At least 1000 samples apart
    )

    print(f"Potential ultrasonic signals detected: {len(peaks)}")
    for peak in peaks:
        print(f"  Signal at {times[peak]:.2f}s")

    return peaks, ultrasonic_energy

# Usage
peaks, energy = detect_ultrasonic_patterns("audio_sample.wav")

Browser-Level Protections

Beyond extensions, implement browser-level protections:

Disabling Web Audio API

// Completely disable Web Audio API
Object.defineProperty(window, 'AudioContext', {
    value: undefined,
    writable: false,
    configurable: false
});

Object.defineProperty(window, 'webkitAudioContext', {
    value: undefined,
    writable: false,
    configurable: false
});

// Disable navigator.mediaDevices.getUserMedia for audio
const originalGetUserMedia = navigator.mediaDevices.getUserMedia;
navigator.mediaDevices.getUserMedia = function(constraints) {
    if (constraints && constraints.audio) {
        throw new DOMException('Audio access denied', 'NotAllowedError');
    }
    return originalGetUserMedia.call(this, constraints);
};

Content Security Policy (CSP)

Website operators can disable certain media capabilities:

<!-- Prevent any page from accessing microphone -->
<meta http-equiv="Content-Security-Policy"
      content="microphone-stream 'none'">

<!-- Block audio sources from specific domains -->
<meta http-equiv="Content-Security-Policy"
      content="media-src 'self'">

Mobile Device Protections

Android Permission Management

# Revoke microphone permission from specific apps
adb shell pm revoke [package.name] android.permission.RECORD_AUDIO

# List apps with microphone access
adb shell pm list permissions -d | grep RECORD_AUDIO

# For each app with microphone, review necessity
# Uninstall if microphone access isn't justified

iOS Auditing

# iOS 15+ shows microphone indicator in Control Center
# Swipe down > Microphone icon shows apps currently using mic

# Review microphone access:
# Settings > Privacy & Security > Microphone
# Remove access for apps that don't need it

# iOS 16+ offers "Approximate Location"
# Helps prevent location-based tracking

Organizational Defenses

For companies protecting user privacy:

#!/bin/bash
# Corporate policy: Disable ultrasonic tracking

# 1. Audit software for ultrasonic code
grep -r "18000\|19000\|20000\|21000\|22000" src/
grep -r "ultrasonic\|beacon\|inaudible" src/

# 2. Review third-party libraries
npm audit
pip audit

# 3. Implement app review process
# - All microphone access must be justified
# - Microphone access only while app in foreground
# - Annual audits of microphone usage

# 4. Provide user transparency
# - Show when microphone is active
# - Explain why microphone is needed
# - Provide opt-out mechanism

Industry Developments

The privacy landscape around ultrasonic tracking continues to evolve:

Platform Responses

Research and Documentation

Academic research continues documenting the threat:

Key papers on ultrasonic tracking:
- "Imperceptible Acoustic Tracking" (2013)
- "Your Phone's Ultrasonic Speaker is Spying on You" (2014)
- "The Price of Ultrasound" (2016)

All describe variations of the same core technique:
Encoding tracking IDs in 18-22kHz signals

Future-Proofing Against Ultrasonic Threats

Anticipate evolved ultrasonic techniques:

Modulation Beyond Standard Encoding

Future ultrasonic tracking may use:

- Spread spectrum (FHSS) for resilience
- Frequency hopping across ultrasonic band
- Variable data rates to evade detection
- Composite signals spanning multiple frequencies

Countermeasures

# Broadband ultrasonic noise generation (white noise jammer)
# Emit noise across entire ultrasonic band
# Disrupts any beacon-based communication

# ffmpeg to generate ultrasonic noise
ffmpeg -f lavfi -i anullsrc=r=44100:cl=mono -filter_complex \
  'highpass=f=15000[a]; [a]anoise=amount=0.1' \
  -t 3600 ultrasonic_noise.wav

# Play continuously
ffplay -autoexit ultrasonic_noise.wav

User Education

Privacy-aware users should understand ultrasonic tracking:

# Ultrasonic Beacon Quick Guide

## Signs an app might be using ultrasonic tracking:
- Requests microphone access but doesn't explicitly use it
- Audio-related permissions in advertising SDKs
- Battery drain from audio processing
- Unusual Web Audio API calls in network logs

## Immediate protections:
1. Revoke unnecessary microphone permissions
2. Check app reviews for complaints about "listening"
3. Use browser extensions blocking Web Audio API
4. Monitor background app activity for unexpected audio usage

## Long-term vigilance:
- Review microphone permissions quarterly
- Keep operating systems updated
- Watch security research for new ultrasonic techniques
- Support privacy-focused browser and OS development

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides