Advertisers have a persistent problem. They want to know that the person who saw an ad on television is the same person who later searched for the product on a phone, and the same person who walked into the store. Cookies cannot cross from a TV to a phone to a physical doorway. So someone reached for a channel that all those environments share: the air, and the fact that nearly everyone carries a device with a microphone.
The technique is called ultrasonic cross-device tracking. It works by embedding inaudible audio signals, ultrasonic beacons, into content and physical spaces, and listening for them with apps on your phone. Because the tones sit above roughly 18 to 20 kilohertz, most adults cannot hear them, but a phone's microphone captures them fine.
How an Inaudible Beacon Carries Data
An ultrasonic beacon is not just a tone. It is a tiny data channel. By modulating sound in the near-ultrasonic band, a speaker can transmit a short identifier, the same way a modem once encoded data as audible screeches. A beacon might encode a campaign ID, a TV channel, a specific store location, or a timestamp.
The receiving half is an app on your phone with microphone permission and a tracking library built in. The app does not need to be in the foreground or have anything to do with what is making the sound. It simply listens. When it detects a beacon, it decodes the embedded identifier and sends it, along with your device identifier, to a tracking server. The server now knows that this specific phone was within earshot of this specific beacon at this specific time.
If a beacon in a TV ad and a beacon in a retail store both report to the same network, that network learns that the phone which heard the ad later entered the store. Your living room and your shopping trip get stitched into one profile, with no account, login, or visible connection between them.
This Was Not Theoretical
The clearest documentation comes from academic security research. In 2017, researchers at TU Braunschweig published a study titled "Privacy Threats through Ultrasonic Side Channels on Mobile Devices," which analyzed how this technology was being embedded in real apps. They examined an advertising framework that listened for ultrasonic beacons and found it integrated into hundreds of Android applications, including some from well-known brands, often without users having any idea the capability was present.
Regulators noticed too. In 2016, the United States Federal Trade Commission sent warning letters to a group of app developers using a particular ultrasonic tracking SDK, cautioning that listening for inaudible beacons without clear disclosure and consent could violate consumer protection law. The message was that the practice existed at scale, in shipping apps, on ordinary phones.
The privacy failure here is not the sound. It is the microphone permission. An app that genuinely needs the mic for calls or voice notes has, with that same grant, the technical ability to listen for beacons in the background. The permission model could not distinguish "record my voice memo" from "monitor the room for tracking tones."
Why Ultrasonic Tracking Is Especially Invasive
Compared to other tracking, the ultrasonic approach has properties that make it particularly hard to notice or escape.
| Property | Implication |
|---|---|
| Invisible to the user | You cannot hear the beacon and see no network indicator, so nothing signals that tracking is occurring |
| Crosses device boundaries | Links TV, radio, physical retail, and your phone with no shared account or cookie |
| Defeats network privacy tools | A VPN or private DNS does nothing, because the linkage happens through sound in the room, not over the network |
| Reveals physical presence | A beacon in a venue confirms you were physically there, not just that you browsed a site |
That third row is the one that surprises people. You can route every byte of your traffic through Tor or a VPN and ultrasonic tracking sails straight past it, because the identifying event happened acoustically before any packet was sent. It is a reminder that network-layer privacy and physical-world privacy are different problems.
How to Defend Against It
The defenses are mostly about the microphone, because the microphone is the receiver. Cut off the receiver and the beacon has nothing to talk to.
- Audit microphone permissions ruthlessly. Go through every app and revoke mic access for anything that does not obviously need it. A flashlight, a game, or a wallpaper app has no business with your microphone.
- Prefer apps that request the minimum. An app that asks for microphone access for no clear feature is a warning sign worth heeding before installation.
- Use the microphone indicator. Modern phones show a dot or icon when the mic is active. If it lights up when no app should be listening, investigate.
- Limit unnecessary apps entirely. The fewer listening libraries you carry, the smaller the attack surface. This is the same logic as general mobile permission hygiene.
- Support platform-level controls. Operating system changes that force clear disclosure for microphone use, and that show when it happens, are the most effective brake on this entire category.
The Wider Point
Ultrasonic tracking is a useful illustration of a principle that runs through all of privacy: data leaks through whatever channel you forgot to think about. People reasoned carefully about cookies and IP addresses and never considered that the room itself could be a tracking medium. The microphone, granted for an innocent feature, became the doorway.
This is why minimizing what you expose matters more than chasing each individual threat. You will not anticipate every channel, and the ones you miss are exactly where tracking moves. A device that listens less, talks less, and is granted fewer permissions is harder to track through channels nobody has named yet. The strongest position is not blocking each known technique one by one. It is reducing the surface so that the unknown techniques have less to work with. That same instinct, collect less so there is less to leak, is the one worth carrying into every privacy decision you make.