From Amazon Echo and Google Home to Siri and Cortana, technology is increasingly listening to what we say. And as with any new technology, people are finding ways to exploit it for questionable purposes – for example, when Burger King tricked Google Home into playing an advert for its Whoppers.

That Google could be duped so easily is a surprise, but the threat was minimal. However, security researchers have discovered far more sinister means of using open microphones to snoop on consumers.

According to researchers from the Technische Universität Braunschweig in Germany, more than 230 apps on Google Play use listening technology that responds to near-ultrasonic signals broadcast from a variety of sources. Beacons can be placed in offline media content, such as TV or radio ads, to let apps know what a mobile user is watching, or in shops to pinpoint their location without having to seek permission to use GPS.

The technology originally drew criticism in 2015, when developer Silver Push publicised an SDK for audio beacons that were generally outside the range of human hearing. Yet, despite criticism from the authorities, the ultrasonic beacons appear to by spreading.

Silver Push has said it no longer uses the technology, but others have taken its place. Five of the apps identified by the German researchers have been downloaded between 2.25million and 11.1 million times apiece, and although the study only investigated Android devices, the team said similar tactics could theoretically also apply to iOS hardware too.