List the trackers that apps use on Google Play - gHacks Tech News

List the trackers that apps use on Google Play

Google Play is the primary application store for Android applications. Most Android devices ship with Google Play installed by default and most Android users use it to browse, find and install applications and application updates.

While there are other stores available, F-Droid for instance, Google Play is the dominating store when it comes to user numbers and activity.

Google Play reveals little about listed applications. You can click on "view details" on the desktop or tap on "permission details" on Android to display the list of permissions. What Google Play does not reveal, however, is whether an application uses trackers or analytics components.

Show the trackers that apps use on Google Play

display trackers android

Enter Exodify; the free browser extension for Google Chrome and Mozilla Firefox is powered by Exodus Privacy, a French non-profit organization that "discloses trackers in Android environment applications".

Note: The extension should work in browsers that share the code with Chrome or Firefox. While I did not try running the extension in Opera or Vivaldi, it should run just fine in those browsers.

The development team of the non-profit released the alpha Android application Exodus Privacy earlier this year and maintains a website that offers search capabilities among other things.

The browser extension requests permissions to access Google's Play Store URL and the own URL only which is refreshing. It displays the number of identified trackers in applications that you open on Google Play.

A click on the "powered by" link opens a history page of the app on the Exodus Privacy website listing identified trackers and requested permissions for each version of the app that was analyzed in the past.

Another click on a specific version of the app opens the apps profile page on the Exodus website. It lists all trackers found in the applications' code as well as all requested permissions on that page.

Permissions have a risk rating associated with them and you may hover over the rating to better understand what specific permissions grant.

All trackers are linked as well. If you click on a tracker, say Google Ads, Facebook Login or Adjust, you get a list of all apps that use that tracker.

Back to Google Play; Exodify displays the number of trackers for individual applications you open on the site but also for application suggestions that Google displays on the same page.

tracker apps

The database offers tracker related information for many popular apps, but you may see "unknown" listed for others.

When you open an application that has not been scanned by the service at this point, you get an option to have it analyzed by Exodus Privacy. Just click on the "Would you like to let ExodusPrivacy analyze it" link to open the Exodus website.  You may run a scan right then and there to find out about integrated trackers and permissions.

android app privacy

Scanning did not take longer than a minute during tests and I ran into a single "can't decode APK" error during that time. You can open the report right away to access the scan results.

Any user of the extension or the application benefits from the new database entry once a scan completes.

Tip: You can look up applications using the built-in search without installing one of the extensions or the application. Just head over to the main reports page and type the name of the application or its handle.

app search

Closing Words

Exodify is a useful browser extension for Android device users who browse Google's Play store regularly. Others may prefer to look up information about applications they are interested in using the search on the Exodus website as it reveals the same information.

Now You: Do you analyze apps before you install them?

Related articles

Summary
List the trackers that apps use on Google Play
Article Name
List the trackers that apps use on Google Play
Description
You can use the Exodus website, browser extensions or apps to reveal tracker modules that Android applications use before you install those apps on your Android device.
Author
Publisher
Ghacks Technology News
Logo

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Yuliya said on March 19, 2018 at 3:08 pm
    Reply

    Not into the extension, but the website is nice. Btw:

    Google Chrome: Fast & Secure | 0 trackers | 31 permissions | v64
    Firefox Browser fast & private | 4 trackers | 30 permissions | v59

    🤔🤔🤔

    1. Anonymous said on March 20, 2018 at 3:10 am
      Reply

      “Google Chrome: Fast & Secure | 0 trackers”

      You mean no trackers other than Google itself, the biggest tracker of them all? LOL All of Mozilla’s data collection can be turned off.

  2. asd said on March 19, 2018 at 3:16 pm
    Reply

    Interesting to see the crazy amount of trackers some apps have. The next question is what can you do about the built in, impossible to remove trackers from the likes of Samsung?

    1. Yuliya said on March 19, 2018 at 3:31 pm
      Reply

      If you’re not willing to install LineageOS (which is by far the best solution imo), your option would be to disable said applications.

      1. TelV said on March 19, 2018 at 4:10 pm
        Reply

        Unfortunately, disabling Samsung apps isn’t an option. There’s a Disable button present on each of them, but it’s disabled by default. The only temporary option is “Force stop”, but it re-enables itself eventually.

        You can prevent them from being updated by setting “Automatically install updates” to “Never” in the phone’s Settings menu, but that’s about it.

        The next phone I buy will be one which has stock Android installed. There’s not many of them around at the moment, but at least you get a barebones version of the OS without all the bells and whistles that companies like Samsung use to overlay Android with their own interface which allows them to limit the way menus and apps work. On a Samsung phone, it’s called Touch Wiz.

      2. Rocky said on March 19, 2018 at 9:06 pm
        Reply

        Does anybody know if LineageOS can be installed on Sony Xperia XA1 . What little googling I did suggested it was difficult due to its using a Mediatek chip ?

    2. Anonymous said on March 19, 2018 at 3:50 pm
      Reply

      For combating in-app tracking alone you just need a phone which supports Xposed module and use Xprivacy Lua, and to have a hosts file blocking known tracking domains. You can go further by install LineageOS or LineageOS for microG (if you have to use apps that depend on Google components) and other apps for the purpose.

    3. John Fenderson said on March 19, 2018 at 4:27 pm
      Reply

      Here’s what I do — I have a firewall installed and configured to block all traffic to and from apps unless I specifically allow it. That way, it doesn’t really matter how many trackers are installed — they can’t talk to anything.

      The best way to do this is to root your device and use an app that configures the built-in Linux firewall. The second-best way (if you don’t want to root) is to use one of those “fake VPN” firewalls.

    4. dark said on March 19, 2018 at 7:31 pm
      Reply

      Use NetGuard and set it to whitelist mode so only apps you allow can access the internet.
      github.com/M66B/NetGuard

      1. desqita said on March 20, 2018 at 10:40 am
        Reply

        NetGuard

        2 trackers
        10 permissions

      2. dark said on March 23, 2018 at 12:50 am
        Reply

        Get the .apk from github not play store.

  3. Franck said on March 19, 2018 at 3:46 pm
    Reply

    Ooch, so many trackers…

  4. ams said on March 19, 2018 at 3:53 pm
    Reply

    mama, i wannabe Ghostery when i grows up…

    1. TelV said on March 19, 2018 at 4:21 pm
      Reply

      Uh…uhmmm, you might recall Martin’s article on Cliqz which acquired Ghostery recently: https://www.ghacks.net/2017/10/06/mozilla-to-launch-firefox-cliqz-experiment-with-data-collecting/

      Sounds to me like Ghostery is a tracker in its own right.

      1. Dennis said on March 20, 2018 at 12:30 am
        Reply

        Ghostery is open source, now….. I don’t know if that really makes a difference — but still!

  5. TelV said on March 19, 2018 at 4:25 pm
    Reply

    On the subject of your question Martin, I tend to look at what permissions an app requires before installing it. If it wants to access something which I don’t think is relevant, I simply dump it altogether.

    It doesn’t surprise me though that each of them would have a large number of trackers attached to them.

  6. Rotten Soundrel said on March 19, 2018 at 8:21 pm
    Reply

    [edit] Oooops, make that “Scoundrel”

    Don’t believe everything you see on the Play Store.

    I heard about this App a week or so back and checked the Play Permissions for it. It said “other” and generally that means pretty benign stuff.

    So, turned off the radio, side-loaded the APK onto my LineageOS, v14 and guess what? Lineage shows five Permissions.

    I can’t remember all but Read-SMS and read Contacts were among them. Hasty removal before even trying it.

    So, is this a false positive from Lineage or deception? Pretty sure I know which and it will stay removed.

  7. Wayfarer said on March 20, 2018 at 12:42 am
    Reply

    I’m with other commmenters here. Anyone who believes PlayStore gives a damn about user security is delusional. All their ‘security’ cares about is blocking non-Google apps. I’ve installed (and uninstalled) dozens of PlayStore apps with so many trackers it was clear what their main business was.

    And that’s even before the whole host of manufacturers who don’t give a damn about Android updates once they have your money. Or the retailers who sell devices with Android versions so old they ought to be illegal.

  8. CHEF-KOCH said on March 20, 2018 at 2:42 am
    Reply

    Unfortunately the website comes to false conclusions, like every analyzers. A tracker is only dangerous when it’s activated (assuming it really violates some user rights), some apps including them in order to get useful information and just because there is an ‘analytics’ tracker doesn’t mean he collects information which expose you. A good example is SDMaid pro (same like free version) it includes trackers which you can opt-in or opt-out manually if you like. So that it means because it includes it it’s dangerous? No definitely not, SDMaid is also open source. Even if you enable the tracker it doesn’t collect information which expose you.

    I think such pages doesn’t explain this because it’s some kind of clickbait these days to get your 10 minutes attention. All of these pages are mostly designed by people which are not involved in any security related topic otherwise they would notice their users that this is in most of the case worthless.

    > All their ‘security’ cares about is blocking non-Google apps. I’ve installed (and uninstalled) dozens of PlayStore apps with so many trackers it was clear what their main business was.

    I call this totally wrong, Google terms of use are very clear for everyone and integrating an tracker or ads system doesn’t mean automatically there bad. While including no ads doesn’t mean it’s automatically safe.

    > Use NetGuard and set it to whitelist mode so only apps you allow can access the internet.

    Doesn’t solve anything since almost every app these days require internet, the idea is good but especially apps which are involved in the whole internet part are pointless to block, instead I recommend to use Xprivacy Lua which allows you to take control over the permissions (you don’t like).

    https://github.com/M66B/XPrivacyLua

    1. John Fenderson said on March 20, 2018 at 4:12 pm
      Reply

      “assuming it really violates some user rights”

      What rights do you consider a user to have? Personally, I demand the right to not be tracked.

      “some apps including them in order to get useful information”

      Of course, but that’s not really relevant.

      “just because there is an ‘analytics’ tracker doesn’t mean he collects information which expose you”

      I disagree — I think it means exactly this. But I understand that reasonable people may disagree, so I offer that this point isn’t the most important. The most important point is that if I don’t want it to happen — for any reason — then it shouldn’t happen.

      “Google terms of use are very clear for everyone ”

      They’re also not terribly meaningful.

      “Doesn’t solve anything since almost every app these days require internet”

      I don’t know about that — I use a fair number of apps, and nearly all of them are firewalled off from the internet. They work just fine. When I encounter an app that doesn’t need internet access to perform its function, but won’t work without it anyway, I just uninstall the app and switch to one that’s more reasonable.

    2. aeris said on March 21, 2018 at 12:04 am
      Reply

      > All of these pages are mostly designed by people which are not involved in any security related topic

      Did you really check who are the people behind this project?

      Please check esther’s resume (https://esther.codes/about-me/) or mine (https://imirhil.fr/), both co-founder of Exodus.
      We contribute to many security system and build our own security project (hootspot, cryptcheck…). We are well involved in project like Tor or cryptoparty movement.

      Not at all people “not involved in any security related topic”…

      <3

    3. Wayfarer said on March 21, 2018 at 12:27 am
      Reply

      It isn’t a matter of right or wrong, fact or fiction – it’s a matter of CHOICE – a choice that’s not only increasingly denied but increasingly obfuscated by claims like yours that assaults on privacy are all OK really – what are you afraid of if you’ve done nothing wrong. A message as old – and as dishonest – as history. In fact, much of the time, the problem isn’t just the data mining/surveillance – it’s the apologists for what is unacceptable behaviour.

      1. John Fenderson said on March 21, 2018 at 6:20 pm
        Reply

        Well said, Wayfarer!

  9. Dave said on March 20, 2018 at 5:36 am
    Reply

    The only way to insure privacy on a “smart phone” is to destroy it. These devices main purpose is to track and analyze you and send that information back home.

    The fact they can make phone calls is just a ruse to trick you into owning one.

    That being said, I do have one. I’m aware of the built in Chinese spyware and all the rest of the data collection. I use it to send text and photos, make phone calls, and pop up a map from time to time fully aware that none of it is kept private.

    1. John Fenderson said on March 20, 2018 at 4:14 pm
      Reply

      “The only way to insure privacy on a “smart phone” is to destroy it”

      The only way to ensure privacy with anything that communicates to the outside world is to destroy it. However, it’s entirely possible to achieve a balance between privacy and functionality. What makes a good balance is a personal decision.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.