You should always be skeptical when an app asks permission to access a feature it has no business using. Now, a new report from WIRED explains how granting apps access to your microphone can compromise your privacy. Even when it’s in your pocket, your phone may be having silent conversations with the stores around you without your knowledge.

Findings presented at this year's IEEE European Symposium on Security and Privacy [PDF] revealed that ultrasonic listening technology is built into 234 Android applications. That means those apps can detect certain sound “beacons” too high for human ears to hear. In theory, these signals can come from any device, even the speaker mounted outside a storefront.

After visiting 35 retail stores in Germany, the researchers found four of them used beacons. As long as you give the right app on your phone permission to listen, your microphone can pick up these signals and make note of your location for marketing purposes.

The study didn’t find any beacons coming from the television programs they analyzed, but it is possible for companies to embed them into TV commercials and websites to keep track of how consumers respond to ads. And it isn’t hard to imagine the same listening technology being used to record keyboard strokes and personal conversations, something researchers from University College London warned against in a study on the subject.

Though these apps rarely let you opt out of being spied on, you can limit the power they have. Go to settings on your mobile device to review your apps. Android owners can edit privacy settings through "App Permissions"; iOS 10 users can go to "Privacy" and hit "Microphone" to see which apps have permission to access it. It’s clear why Snapchat and Shazam would want to use the feature—less so for that random shopping app you downloaded the other week.

[h/t WIRED]