New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Identify new trackers #40

Open
U039b opened this Issue Dec 28, 2017 · 105 comments

Comments

Projects
None yet
10 participants
@U039b
Contributor

U039b commented Dec 28, 2017

In https://reports.exodus-privacy.eu.org/reports/37/:

  • com/applovin/adview/AppLovinInterstitialAdDialog
  • com/avocarrot/sdk/nativeassets/model/NativeAdData
  • com/appnext/ads/
  • com/inlocomedia/android/ads/AdType
  • com/moat/analytics/mobile/aol/NativeVideoTracker
  • com/mopub/common/GpsHelper
  • com/nativex/monetization/mraid/objects/CurrentPosition
  • com/unity3d/ads/android/UnityAds
  • com/vungle/publisher/AdConfig
  • com/youappi/ai/sdk/YouAPPi
    Why the fuck this application requires org/apache/commons/math3/optimization?
@U039b

This comment has been minimized.

Show comment
Hide comment
@U039b

U039b Dec 28, 2017

Contributor

To add a new tracker, follow this schema of description:

### Tracker name
* Website: xxxx
* Comment: xxxx
* Category: [Analytics, Advertising]
* Code signature: `xxx`
* Network signature: `xxx.com`
* Maven repository: `xxx.com`
* Artifact ID: `xxx`
* Group ID: `xxx` 
* Gradle: `xxx`
* Additional links: xxx xxx
* Notes: xxx
Contributor

U039b commented Dec 28, 2017

To add a new tracker, follow this schema of description:

### Tracker name
* Website: xxxx
* Comment: xxxx
* Category: [Analytics, Advertising]
* Code signature: `xxx`
* Network signature: `xxx.com`
* Maven repository: `xxx.com`
* Artifact ID: `xxx`
* Group ID: `xxx` 
* Gradle: `xxx`
* Additional links: xxx xxx
* Notes: xxx
@U039b

This comment has been minimized.

Show comment
Hide comment
@U039b

U039b Dec 28, 2017

Contributor

AppLovin

  • Website: https://www.applovin.com/
  • Comment: AppLovin is a mobile advertising technology company that enables brands to create mobile marketing campaigns that are fueled by data.
  • Category: Advertising
  • Code signature: com.applovin.
  • Network signature: applovin\.com
  • Maven repository: NA
  • Artifact ID: applovin-sdk
  • Group ID: com.applovin
  • Gradle: com.applovin:applovin-sdk:7.6.0
  • Additional links: Crunchbase
  • Notes: AppLovin SDK requires Google Ads Identifier com.google.android.gms.ads.identifier.*

Avocarrot

  • Website: https://www.avocarrot.com/
  • Comment: Avocarrot is a native mobile advertising platform which provides real rewards on mobile apps.
  • Category: Advertising
  • Code signature: com.avocarrot.sdk
  • Network signature: \.avocarrot\.com
  • Maven repository: https://s3.amazonaws.com/avocarrot-android-builds/dist/
  • Artifact ID: mediation-sdk-nativead
  • Group ID: com.avocarrot.sdk
  • Gradle: com.avocarrot.sdk:mediation-sdk-nativead:4.7.1
  • Additional links: Crunchbase Dev doc
  • Notes: Uses Google Ads

NativeX

  • Website: http://www.nativex.com/
  • Comment: NativeX is the leading ad technology for mobile games.
  • Category: Advertising
  • Code signature: com.nativex.
  • Network signature: mobvista\.com|nativex\.com
  • Maven repository: NC
  • Artifact ID: NC
  • Group ID: NC
  • Gradle: NC
  • Additional links: Crunchbase NativeX Android SDK Dev doc
  • Notes: Acquired by MobVista
Contributor

U039b commented Dec 28, 2017

AppLovin

  • Website: https://www.applovin.com/
  • Comment: AppLovin is a mobile advertising technology company that enables brands to create mobile marketing campaigns that are fueled by data.
  • Category: Advertising
  • Code signature: com.applovin.
  • Network signature: applovin\.com
  • Maven repository: NA
  • Artifact ID: applovin-sdk
  • Group ID: com.applovin
  • Gradle: com.applovin:applovin-sdk:7.6.0
  • Additional links: Crunchbase
  • Notes: AppLovin SDK requires Google Ads Identifier com.google.android.gms.ads.identifier.*

Avocarrot

  • Website: https://www.avocarrot.com/
  • Comment: Avocarrot is a native mobile advertising platform which provides real rewards on mobile apps.
  • Category: Advertising
  • Code signature: com.avocarrot.sdk
  • Network signature: \.avocarrot\.com
  • Maven repository: https://s3.amazonaws.com/avocarrot-android-builds/dist/
  • Artifact ID: mediation-sdk-nativead
  • Group ID: com.avocarrot.sdk
  • Gradle: com.avocarrot.sdk:mediation-sdk-nativead:4.7.1
  • Additional links: Crunchbase Dev doc
  • Notes: Uses Google Ads

NativeX

  • Website: http://www.nativex.com/
  • Comment: NativeX is the leading ad technology for mobile games.
  • Category: Advertising
  • Code signature: com.nativex.
  • Network signature: mobvista\.com|nativex\.com
  • Maven repository: NC
  • Artifact ID: NC
  • Group ID: NC
  • Gradle: NC
  • Additional links: Crunchbase NativeX Android SDK Dev doc
  • Notes: Acquired by MobVista
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 28, 2017

trying to untangle Baidu location tracking... the maps and location are so closely related in the code I've seen.

Baidu Maps

WeChat Location

seandiggity commented Dec 28, 2017

trying to untangle Baidu location tracking... the maps and location are so closely related in the code I've seen.

Baidu Maps

WeChat Location

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 28, 2017

A quick note - older versions of Tune tracker use the com.mobileapptracker name for the SDK.

Tune

  • Code signature: com.tune|com.mobileapptracker

seandiggity commented Dec 28, 2017

A quick note - older versions of Tune tracker use the com.mobileapptracker name for the SDK.

Tune

  • Code signature: com.tune|com.mobileapptracker
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 28, 2017

Updates to SafeGraph. Much more detail at https://github.com/YalePrivacyLab/tracker-profiles/blob/master/trackers/SafeGraph.md

SafeGraph OpenLocate

  • Website: https://www.safegraph.com, https://github.com/OpenLocate
  • Comment: SafeGraph specializes in the collection of physical location data for data mining and analytics. OpenLocate is the SDK announced in 2017.
  • Category: [Location]
  • Code signature: com.safegraph.|com.openlocate
  • Network signature: api\.safegraph\.com
  • Maven repository: https://s3-us-west-2.amazonaws.com/openlocate-android/
  • Artifact ID: openlocate-android
  • Group ID: com.openlocate
  • Gradle: com.openlocate:openlocate:1.+
  • Additional links: OpenLocate SDK repo, Crunchbase, Stanford economics paper, Washington Post, The Outline
  • Notes: SafeGraph collected 17 trillion location markers for 10 million smartphones in November 2016. OpenLocate SDK for Android is MIT/Expat licensed.

seandiggity commented Dec 28, 2017

Updates to SafeGraph. Much more detail at https://github.com/YalePrivacyLab/tracker-profiles/blob/master/trackers/SafeGraph.md

SafeGraph OpenLocate

  • Website: https://www.safegraph.com, https://github.com/OpenLocate
  • Comment: SafeGraph specializes in the collection of physical location data for data mining and analytics. OpenLocate is the SDK announced in 2017.
  • Category: [Location]
  • Code signature: com.safegraph.|com.openlocate
  • Network signature: api\.safegraph\.com
  • Maven repository: https://s3-us-west-2.amazonaws.com/openlocate-android/
  • Artifact ID: openlocate-android
  • Group ID: com.openlocate
  • Gradle: com.openlocate:openlocate:1.+
  • Additional links: OpenLocate SDK repo, Crunchbase, Stanford economics paper, Washington Post, The Outline
  • Notes: SafeGraph collected 17 trillion location markers for 10 million smartphones in November 2016. OpenLocate SDK for Android is MIT/Expat licensed.
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

HyperTrack

  • Website: http://hypertrack.com, https://github.com/hypertrack
  • Comment: HyperTrack implements live location sharing and activity tracking.
  • Category: [Maps, Location]
  • Code signature: com.hypertrack.|com.hypertracklive.|io.hypertrack.
  • Network signature: trck.at|hypertrack\.amazonaws.com|api\.hypertrack\.com
  • Maven repository: http://hypertrack-android-sdk.s3-website-us-west-2.amazonaws.com/
  • Artifact ID: hypertrack-live-android
  • Group ID: com.hypertrack
  • Gradle: com.hypertrack:android:0.4.22:release@aar
  • Additional links: HyperTrack SDK repo, Documentation
  • Notes: HyperTrack SDK for Android is MIT/Expat licensed.

seandiggity commented Dec 29, 2017

HyperTrack

  • Website: http://hypertrack.com, https://github.com/hypertrack
  • Comment: HyperTrack implements live location sharing and activity tracking.
  • Category: [Maps, Location]
  • Code signature: com.hypertrack.|com.hypertracklive.|io.hypertrack.
  • Network signature: trck.at|hypertrack\.amazonaws.com|api\.hypertrack\.com
  • Maven repository: http://hypertrack-android-sdk.s3-website-us-west-2.amazonaws.com/
  • Artifact ID: hypertrack-live-android
  • Group ID: com.hypertrack
  • Gradle: com.hypertrack:android:0.4.22:release@aar
  • Additional links: HyperTrack SDK repo, Documentation
  • Notes: HyperTrack SDK for Android is MIT/Expat licensed.
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

Uber Analytics

  • Website: https://uber.com
  • Comment: Uber Analytics tracks location and behavior as part of its suite of apps such as Uber, UberEATS, and Uber Driver.
  • Category: Location, Analytics
  • Code signature: com.ubercab.analytics.|com.ubercab.library.metrics.analytics.|com.ubercab.client.core.analytics.
  • Network signature: events.uber.com
  • Maven repository: NA
  • Artifact ID: NC
  • Group ID: com.ubercab
  • Gradle: NC
  • Additional links: Dissassembled Uber code, Reverse-engineered Uber code
  • Notes: Uber acquired map and location startup deCarta, which included data and maps from TomTom.

seandiggity commented Dec 29, 2017

Uber Analytics

  • Website: https://uber.com
  • Comment: Uber Analytics tracks location and behavior as part of its suite of apps such as Uber, UberEATS, and Uber Driver.
  • Category: Location, Analytics
  • Code signature: com.ubercab.analytics.|com.ubercab.library.metrics.analytics.|com.ubercab.client.core.analytics.
  • Network signature: events.uber.com
  • Maven repository: NA
  • Artifact ID: NC
  • Group ID: com.ubercab
  • Gradle: NC
  • Additional links: Dissassembled Uber code, Reverse-engineered Uber code
  • Notes: Uber acquired map and location startup deCarta, which included data and maps from TomTom.
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

Lisnr

seandiggity commented Dec 29, 2017

Lisnr

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

SilverPush

seandiggity commented Dec 29, 2017

SilverPush

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

Shopkick

seandiggity commented Dec 29, 2017

Shopkick

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

Alphonso

seandiggity commented Dec 29, 2017

Alphonso

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

Smaato

  • Website: https://smaato.com
  • Comment: Smaato is a mobile ad platform that includes video ads.
  • Category: [Advertising, Analytics]
  • Code signature: com.smaato.soma.
  • Network signature: soma.smaato.net|smaato.net
  • Maven repository: NA
  • Artifact ID: NC
  • Group ID: com.smaato.soma
  • Gradle: NC
  • Additional links: Smaato SDK Documentation
  • Notes:

seandiggity commented Dec 29, 2017

Smaato

  • Website: https://smaato.com
  • Comment: Smaato is a mobile ad platform that includes video ads.
  • Category: [Advertising, Analytics]
  • Code signature: com.smaato.soma.
  • Network signature: soma.smaato.net|smaato.net
  • Maven repository: NA
  • Artifact ID: NC
  • Group ID: com.smaato.soma
  • Gradle: NC
  • Additional links: Smaato SDK Documentation
  • Notes:
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

Scandit

seandiggity commented Dec 29, 2017

Scandit

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Dec 29, 2017

we need to decide how to handle / untangle Google Maps and Location services as well. At the least, the presence of the location services listener should be considered a tracker.

Google Maps

  • Code signature: com.google.android.gms.maps

Google Location Service

  • Code signature: com.google.android.gms.location

seandiggity commented Dec 29, 2017

we need to decide how to handle / untangle Google Maps and Location services as well. At the least, the presence of the location services listener should be considered a tracker.

Google Maps

  • Code signature: com.google.android.gms.maps

Google Location Service

  • Code signature: com.google.android.gms.location
@U039b

This comment has been minimized.

Show comment
Hide comment
@U039b

U039b Jan 6, 2018

Contributor

Inrix

  • Website: http://inrix.com/
  • Comment: INRIX offers real-time traffic information solutions that help develop traffic data and traffic speed for freeways, highways and arterials.
  • Category: Location
  • Code signature: com.inrix.sdk
  • Network signature: inrix\.com|inrix\.io
  • Maven repository: NC
  • Artifact ID: NC
  • Group ID: NC
  • Gradle: NC
  • Additional links: Inrix on Crunchbase, Inrix population analytics
  • Notes:
Contributor

U039b commented Jan 6, 2018

Inrix

  • Website: http://inrix.com/
  • Comment: INRIX offers real-time traffic information solutions that help develop traffic data and traffic speed for freeways, highways and arterials.
  • Category: Location
  • Code signature: com.inrix.sdk
  • Network signature: inrix\.com|inrix\.io
  • Maven repository: NC
  • Artifact ID: NC
  • Group ID: NC
  • Gradle: NC
  • Additional links: Inrix on Crunchbase, Inrix population analytics
  • Notes:
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Jan 12, 2018

Signal360

seandiggity commented Jan 12, 2018

Signal360

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Jan 15, 2018

Signal360 use the Manchester decoder for logic 1s and 0s. This is probably similar methodology for other audio beacon companies.
http://ww1.microchip.com/downloads/en/AppNotes/01470A.pdf

kaputnikGo commented Jan 15, 2018

Signal360 use the Manchester decoder for logic 1s and 0s. This is probably similar methodology for other audio beacon companies.
http://ww1.microchip.com/downloads/en/AppNotes/01470A.pdf

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Jan 15, 2018

thanks for the heads up, I'm sure you're right about this being the most common method. Some of these audio beacons use amplitude, but that's very limited (FidZup's method, if we trust the patent applications). Most seem to use frequency and what they call "frequency shift keying", which is slight changes in frequencies for 0s and 1s. Hypothetically, they could do much more frequency shifts within that 18kHz to 20kHz range (LISNR claims up to 22kHz but I don't know of devices that have that capability), and then they could do hex or the alphabet even.

What's unclear to me is how they have enough bandwidth to get complex data across the wire... the amount of time that someone is in proximity to a speaker with their microphone could be very limited.

seandiggity commented Jan 15, 2018

thanks for the heads up, I'm sure you're right about this being the most common method. Some of these audio beacons use amplitude, but that's very limited (FidZup's method, if we trust the patent applications). Most seem to use frequency and what they call "frequency shift keying", which is slight changes in frequencies for 0s and 1s. Hypothetically, they could do much more frequency shifts within that 18kHz to 20kHz range (LISNR claims up to 22kHz but I don't know of devices that have that capability), and then they could do hex or the alphabet even.

What's unclear to me is how they have enough bandwidth to get complex data across the wire... the amount of time that someone is in proximity to a speaker with their microphone could be very limited.

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Jan 15, 2018

one technique is this:
pulses of 1ms, for 32 ms duration == 32 bits
clock pulse (carrier-like) between logic 0 and logic 1 frequency serves as centre freq and start bit.
audio as modulated 1s and modulated 0s
20550 to 21000 for logic 0
21000 to 22000 for logic 1

so if the sdk process hears the carrier frequency it can then start listening for the repeated modulated signals, create a historical cache of recorded signals and then process them for any candidates.
If we assume the signal is unique to time and location then all the sdk needs to do is ping the server with a heard beacon message of a specific type.

kaputnikGo commented Jan 15, 2018

one technique is this:
pulses of 1ms, for 32 ms duration == 32 bits
clock pulse (carrier-like) between logic 0 and logic 1 frequency serves as centre freq and start bit.
audio as modulated 1s and modulated 0s
20550 to 21000 for logic 0
21000 to 22000 for logic 1

so if the sdk process hears the carrier frequency it can then start listening for the repeated modulated signals, create a historical cache of recorded signals and then process them for any candidates.
If we assume the signal is unique to time and location then all the sdk needs to do is ping the server with a heard beacon message of a specific type.

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Jan 15, 2018

we should talk off-thread, but that's potentially ~24KB per minute at most? something like that?

seandiggity commented Jan 15, 2018

we should talk off-thread, but that's potentially ~24KB per minute at most? something like that?

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Jan 16, 2018

Byyd (Adfonic)

  • Website: http://byyd.com
  • Comment: Formerly Adfonic. "Find you target audience using first- and third-party data about users "
  • Category: Analytics
  • Code signature: com.adfonic.android.|com.byyd.
  • Network signature: byyd\.me|byyd-tech\.com|adfonic\.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.adfonic
  • Gradle: NA
  • Additional links:
  • Notes:

Mixpanel

  • Website: https://mixpanel.com
  • Comment: "Deeply understand every user's journey with instant insights for everyone on mobile and web."
  • Category: Analytics
  • Code signature: com.mixpanel.android.
  • Network signature: api.mixpanel.com|decide.mixpanel.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.mixpanel
  • Gradle: NA
  • Additional links:
  • Notes:

Phunware

  • Website: https://phunware.com
  • Comment: "Phunware supports every stage of mobile application lifecycle management. Create the ideal mobile application for your business, build and monetize your app’s audience, and create hyper-personalized mobile experiences with our exclusive data."
  • Category: Analytics
  • Code signature: com.phunware.analytics.
  • Network signature: cms-api.phunware.com|phunware.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.phunware
  • Gradle: NA
  • Additional links:
  • Notes:

Gimbal

  • Website: https://gimbal.com
  • Comment: "Gimbal helps brands and agencies perfect their marketing relevance for consumers using physical-world data."
  • Category: Analytics, Location
  • Code signature: com.gimbal.android.
  • Network signature: gimbal.com|analytics-server.gimbal.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.gimbal
  • Gradle: NA
  • Additional links:
  • Notes:

seandiggity commented Jan 16, 2018

Byyd (Adfonic)

  • Website: http://byyd.com
  • Comment: Formerly Adfonic. "Find you target audience using first- and third-party data about users "
  • Category: Analytics
  • Code signature: com.adfonic.android.|com.byyd.
  • Network signature: byyd\.me|byyd-tech\.com|adfonic\.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.adfonic
  • Gradle: NA
  • Additional links:
  • Notes:

Mixpanel

  • Website: https://mixpanel.com
  • Comment: "Deeply understand every user's journey with instant insights for everyone on mobile and web."
  • Category: Analytics
  • Code signature: com.mixpanel.android.
  • Network signature: api.mixpanel.com|decide.mixpanel.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.mixpanel
  • Gradle: NA
  • Additional links:
  • Notes:

Phunware

  • Website: https://phunware.com
  • Comment: "Phunware supports every stage of mobile application lifecycle management. Create the ideal mobile application for your business, build and monetize your app’s audience, and create hyper-personalized mobile experiences with our exclusive data."
  • Category: Analytics
  • Code signature: com.phunware.analytics.
  • Network signature: cms-api.phunware.com|phunware.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.phunware
  • Gradle: NA
  • Additional links:
  • Notes:

Gimbal

  • Website: https://gimbal.com
  • Comment: "Gimbal helps brands and agencies perfect their marketing relevance for consumers using physical-world data."
  • Category: Analytics, Location
  • Code signature: com.gimbal.android.
  • Network signature: gimbal.com|analytics-server.gimbal.com
  • Maven repository: NA
  • Gradle: NA
  • Group ID: com.gimbal
  • Gradle: NA
  • Additional links:
  • Notes:
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Jan 26, 2018

Google Usage Stats

  • Website: http://google.com
  • Comment: Android app usage statistics.
  • Category: Usage Statistics
  • Code signature: android.app.usage.UsageStats|android.app.usage.UsageStatsManager
  • Network signature: NA
  • Maven repository: NA
  • Gradle: NA
  • Group ID: android.app.usage
  • Gradle: NA
  • Additional links: Usage Stats, Usage Stats Manager
  • Notes:

seandiggity commented Jan 26, 2018

Google Usage Stats

  • Website: http://google.com
  • Comment: Android app usage statistics.
  • Category: Usage Statistics
  • Code signature: android.app.usage.UsageStats|android.app.usage.UsageStatsManager
  • Network signature: NA
  • Maven repository: NA
  • Gradle: NA
  • Group ID: android.app.usage
  • Gradle: NA
  • Additional links: Usage Stats, Usage Stats Manager
  • Notes:
@kheops2713

This comment has been minimized.

Show comment
Hide comment
@kheops2713

kheops2713 Jan 30, 2018

I just came across Segment (https://segment.com), a tracker that happens to be integrated into Mattermost, a self-hostable chat platform that is very popular now in the FLOSS community.

One of their client, whose use of the data looks the most cynical to me: https://segment.com/customers/xo-group

They do seem to be collecting data from Android as well: https://segment.com/docs/sources/mobile/android/. Interestingly enough, their Android client/library (I am not sure what I am talking about) seems to be open source.

kheops2713 commented Jan 30, 2018

I just came across Segment (https://segment.com), a tracker that happens to be integrated into Mattermost, a self-hostable chat platform that is very popular now in the FLOSS community.

One of their client, whose use of the data looks the most cynical to me: https://segment.com/customers/xo-group

They do seem to be collecting data from Android as well: https://segment.com/docs/sources/mobile/android/. Interestingly enough, their Android client/library (I am not sure what I am talking about) seems to be open source.

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Jan 30, 2018

Thanks. We do have Segment listed as a tracker in Exodus, but it would be great if you could provide more detail in this thread so that we can fill out the tracker profile more completely. Try to take a look at some of the more detailed profiles above, or the ones we did at https://github.com/YalePrivacyLab/tracker-profiles

https://reports.exodus-privacy.eu.org/trackers/62/

seandiggity commented Jan 30, 2018

Thanks. We do have Segment listed as a tracker in Exodus, but it would be great if you could provide more detail in this thread so that we can fill out the tracker profile more completely. Try to take a look at some of the more detailed profiles above, or the ones we did at https://github.com/YalePrivacyLab/tracker-profiles

https://reports.exodus-privacy.eu.org/trackers/62/

@mildis

This comment has been minimized.

Show comment
Hide comment
@mildis

mildis Jan 31, 2018

NewRelic

  • Website: https://www.newrelic.com
  • Comment: App usage stats
  • Category: Analytics
  • Code signature: com.newrelic.agent
  • Network signature: nr-data.net|newrelic.com
  • Maven repository:
  • Artifact ID: android-agent
  • Group ID: com.newrelic.agent.android
  • Gradle: com.newrelic.agent.android:android-agent com.newrelic.agent.android:agent-gradle-plugin
  • Additional links:
  • Notes: Requires android.permission.INTERNET and android.permission.ACCESS_NETWORK_STATE

mildis commented Jan 31, 2018

NewRelic

  • Website: https://www.newrelic.com
  • Comment: App usage stats
  • Category: Analytics
  • Code signature: com.newrelic.agent
  • Network signature: nr-data.net|newrelic.com
  • Maven repository:
  • Artifact ID: android-agent
  • Group ID: com.newrelic.agent.android
  • Gradle: com.newrelic.agent.android:android-agent com.newrelic.agent.android:agent-gradle-plugin
  • Additional links:
  • Notes: Requires android.permission.INTERNET and android.permission.ACCESS_NETWORK_STATE
@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Feb 2, 2018

Changes to Signal 360:

Signal360

seandiggity commented Feb 2, 2018

Changes to Signal 360:

Signal360

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 21, 2018

OpenX

kaputnikGo commented Mar 21, 2018

OpenX

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 21, 2018

if there are additions or blanks in the comments made then maybe list them in a new comment and we can go over our own and edit them accordingly?

kaputnikGo commented Mar 21, 2018

if there are additions or blanks in the comments made then maybe list them in a new comment and we can go over our own and edit them accordingly?

@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 Mar 23, 2018

I dunno. The wiki on here seems easier so we're not waiting on each other. And someone can easily fix even the fixes.

jawz101 commented Mar 23, 2018

I dunno. The wiki on here seems easier so we're not waiting on each other. And someone can easily fix even the fixes.

@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 Mar 23, 2018

Placer

  • Website: https://placer.io/
  • Comment: Placer provides instant access to location insights derived from foot-traffic of millions of consumers, delivering visibility into offline behavior. Our highly efficient SDK runs 24/7 in the background, identifying location visits while consuming less than 2% battery/day.
  • Category: [Analytics, Beacon]
  • Code signature: com.placer.
  • Network signature: xxx
  • Maven repository: xxx
  • Artifact ID: xxx
  • Group ID: xxx
  • Gradle: com.placer:placer:2.7.+@aar
  • Additional links: https://placer.readme.io/docs/android
  • Notes:

service
com.placer.client.PlacerScheduler

receiver
com.placer.client.PlacerReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT
com.placer.action.ENABLE_PLACER
com.placer.action.DISABLE_PLACER

provider
com.placer.library.tray.provider.TrayContentProvider

jawz101 commented Mar 23, 2018

Placer

  • Website: https://placer.io/
  • Comment: Placer provides instant access to location insights derived from foot-traffic of millions of consumers, delivering visibility into offline behavior. Our highly efficient SDK runs 24/7 in the background, identifying location visits while consuming less than 2% battery/day.
  • Category: [Analytics, Beacon]
  • Code signature: com.placer.
  • Network signature: xxx
  • Maven repository: xxx
  • Artifact ID: xxx
  • Group ID: xxx
  • Gradle: com.placer:placer:2.7.+@aar
  • Additional links: https://placer.readme.io/docs/android
  • Notes:

service
com.placer.client.PlacerScheduler

receiver
com.placer.client.PlacerReceiver

android.intent.action.BOOT_COMPLETED
android.intent.action.USER_PRESENT
com.placer.action.ENABLE_PLACER
com.placer.action.DISABLE_PLACER

provider
com.placer.library.tray.provider.TrayContentProvider

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 25, 2018

Foresee

additional SDK urls for events, surveys, whitelist:

analytics.foresee.com , i.4see.mobi , rec.replay.answerscloud.com , foreseeresults.com , foresee.com

kaputnikGo commented Mar 25, 2018

Foresee

additional SDK urls for events, surveys, whitelist:

analytics.foresee.com , i.4see.mobi , rec.replay.answerscloud.com , foreseeresults.com , foresee.com

@l1git

This comment has been minimized.

Show comment
Hide comment
@l1git

l1git Mar 25, 2018

from https://twitter.com/fs0c131y/status/977267255309463554

Website: https://clevertap.com/
Comment: "#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers"
Category: Tracking
Code signature: com.clevertap.android.sdk
Network signature: wzrkt.com
Maven repository: xxx.com
Artifact ID: xxx
Group ID: xxx
Gradle: ``
Additional links: https://github.com/CleverTap

l1git commented Mar 25, 2018

from https://twitter.com/fs0c131y/status/977267255309463554

Website: https://clevertap.com/
Comment: "#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers"
Category: Tracking
Code signature: com.clevertap.android.sdk
Network signature: wzrkt.com
Maven repository: xxx.com
Artifact ID: xxx
Group ID: xxx
Gradle: ``
Additional links: https://github.com/CleverTap

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 25, 2018

adding to already existing listing:

InMobi

  • Website: https://www.inmobi.com/
  • Comment: We pioneer mobile discovery through personalized advertising experiences, enabling consumers to discover new products and services through contextual and curated recommendations on mobile devices.
  • Category: [Analytics, Advertising, Identity, Location, Telemetry]
  • Code signature: com.inmobi
  • Network signature: config.inmobi.com
  • Maven repository: https://bintray.com/inmobi/maven/inmobi-ads
  • Artifact ID: inmobi-ads
  • Group ID: com.inmobi.monetization
  • Gradle: com.inmobi.monetization:inmobi-ads:7.0.1
  • Additional links: sdkm.w.inmobi.com/metrics/ , http://www.inmobi.com/products/sdk/#downloads , https://www.inmobi.com/sdk https://github.com/InMobi/sdk-sample-code-android
  • Notes: iOS and Android SDK, Integration with Unity and Cocos2D, Moat bridge, enum Ethnicity Education Gender AgeGroup HouseHoldIncome Interests etc, latest SDK 7.0.4

kaputnikGo commented Mar 25, 2018

adding to already existing listing:

InMobi

  • Website: https://www.inmobi.com/
  • Comment: We pioneer mobile discovery through personalized advertising experiences, enabling consumers to discover new products and services through contextual and curated recommendations on mobile devices.
  • Category: [Analytics, Advertising, Identity, Location, Telemetry]
  • Code signature: com.inmobi
  • Network signature: config.inmobi.com
  • Maven repository: https://bintray.com/inmobi/maven/inmobi-ads
  • Artifact ID: inmobi-ads
  • Group ID: com.inmobi.monetization
  • Gradle: com.inmobi.monetization:inmobi-ads:7.0.1
  • Additional links: sdkm.w.inmobi.com/metrics/ , http://www.inmobi.com/products/sdk/#downloads , https://www.inmobi.com/sdk https://github.com/InMobi/sdk-sample-code-android
  • Notes: iOS and Android SDK, Integration with Unity and Cocos2D, Moat bridge, enum Ethnicity Education Gender AgeGroup HouseHoldIncome Interests etc, latest SDK 7.0.4
@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 25, 2018

Brightcove

kaputnikGo commented Mar 25, 2018

Brightcove

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 25, 2018

Integral Ad Science

kaputnikGo commented Mar 25, 2018

Integral Ad Science

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 25, 2018

PubMatic

kaputnikGo commented Mar 25, 2018

PubMatic

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 29, 2018

adding to already existing listing:

Kochava

  • Website: https://www.kochava.com
  • Comment: Kochava is the industry leader for mobile attribution and analytics, helping top brands harness their data for growth. Kochava is introducing the XCHNG Platform to equip the digital advertising ecosystem with an open and unified blockchain framework
  • Category: [Analytics, Advertising, Location, Identity]
  • Code signature: com.kochava.base
  • Network signature: *.api.kochava.com | control.kochava.com
  • Maven repository: http://kochava.bintray.com/maven
  • Artifact ID: tracker
  • Group ID: com.kochava.base
  • Gradle: com.kochava.base:tracker:x.y.z
  • Additional links:
  • Notes: Gradle:tracker:x.y.z == version number (latest 3.3.1), checks for root/su

kaputnikGo commented Mar 29, 2018

adding to already existing listing:

Kochava

  • Website: https://www.kochava.com
  • Comment: Kochava is the industry leader for mobile attribution and analytics, helping top brands harness their data for growth. Kochava is introducing the XCHNG Platform to equip the digital advertising ecosystem with an open and unified blockchain framework
  • Category: [Analytics, Advertising, Location, Identity]
  • Code signature: com.kochava.base
  • Network signature: *.api.kochava.com | control.kochava.com
  • Maven repository: http://kochava.bintray.com/maven
  • Artifact ID: tracker
  • Group ID: com.kochava.base
  • Gradle: com.kochava.base:tracker:x.y.z
  • Additional links:
  • Notes: Gradle:tracker:x.y.z == version number (latest 3.3.1), checks for root/su
@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 29, 2018

Freckle IoT

  • Website: https://freckleiot.com/
  • Comment: Freckle IoT is the global leader in multi-touch, offline attribution. Our proprietary cross device solution supports all media verticals including mobile, desktop, social, radio, search, TV and out of home. Using opted-in, first-party data, Freckle IoT helps brands measure the effectiveness of their advertising by independently matching media spend to in-store visits while remaining media agnostic.
  • Category: [Beacon, Analytics, Advertising, Location]
  • Code signature: com.freckleiot.sdk
  • Network signature: adserver.freckleinc.com
  • Maven repository: xxx.com
  • Artifact ID: xxx
  • Group ID: xxx
  • Gradle: xxx
  • Additional links: https://www.neilsweeney.ceo/news/
  • Notes: "We increasingly have brands saying to us… 'I want to know data collection on Wendy's, Burger King and Starbucks and I want their first-party data and I want to actually mine that data." "Retailers want to know what is going on in their stores, but they also want to know what is going on in competitors’ stores. You can’t solve that with beacons." , uses Virtual Beacons - place virtual beacon in competitors' stores.

kaputnikGo commented Mar 29, 2018

Freckle IoT

  • Website: https://freckleiot.com/
  • Comment: Freckle IoT is the global leader in multi-touch, offline attribution. Our proprietary cross device solution supports all media verticals including mobile, desktop, social, radio, search, TV and out of home. Using opted-in, first-party data, Freckle IoT helps brands measure the effectiveness of their advertising by independently matching media spend to in-store visits while remaining media agnostic.
  • Category: [Beacon, Analytics, Advertising, Location]
  • Code signature: com.freckleiot.sdk
  • Network signature: adserver.freckleinc.com
  • Maven repository: xxx.com
  • Artifact ID: xxx
  • Group ID: xxx
  • Gradle: xxx
  • Additional links: https://www.neilsweeney.ceo/news/
  • Notes: "We increasingly have brands saying to us… 'I want to know data collection on Wendy's, Burger King and Starbucks and I want their first-party data and I want to actually mine that data." "Retailers want to know what is going on in their stores, but they also want to know what is going on in competitors’ stores. You can’t solve that with beacons." , uses Virtual Beacons - place virtual beacon in competitors' stores.
@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 commented Mar 29, 2018

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 29, 2018

great find, it will take a while to go through this resource. Btw, maybe now is a good time to figure out a more efficient way of doing this, such as your suggestion for the wiki? Also a published list of categories that we should be using, cos i been adding a few such as "identity" where the SDK is gathering and sending high level PIIs.

kaputnikGo commented Mar 29, 2018

great find, it will take a while to go through this resource. Btw, maybe now is a good time to figure out a more efficient way of doing this, such as your suggestion for the wiki? Also a published list of categories that we should be using, cos i been adding a few such as "identity" where the SDK is gathering and sending high level PIIs.

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Mar 29, 2018

A feature request might be a submission form, with two options:

  • "Basic": a person just has some ideas or a general description of the tracker, what apps it might be in, etc.
  • "Advanced": form fields that mirror the format in this Issue, and the eventual JSON format that the tracker db uses.

Lots to work on, of course, and I won't be getting to it anytime soon but it could be added to the Exodus Web UI or even just the main exodus-privacy.org website.

seandiggity commented Mar 29, 2018

A feature request might be a submission form, with two options:

  • "Basic": a person just has some ideas or a general description of the tracker, what apps it might be in, etc.
  • "Advanced": form fields that mirror the format in this Issue, and the eventual JSON format that the tracker db uses.

Lots to work on, of course, and I won't be getting to it anytime soon but it could be added to the Exodus Web UI or even just the main exodus-privacy.org website.

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 29, 2018

Because of the way i work (static analysis, apktool etc), the main problem Im finding is that i cant get the info necessary for the LibScout requirements mentioned in Issue #38 . I worry that this is causing more work down the track, so hopefully there is a quicker more efficient way that those contributing to this issue page could get good useful tracker details ready for inclusion in Exodus.
We could create a page on the wiki with Basic and Advanced sections?

kaputnikGo commented Mar 29, 2018

Because of the way i work (static analysis, apktool etc), the main problem Im finding is that i cant get the info necessary for the LibScout requirements mentioned in Issue #38 . I worry that this is causing more work down the track, so hopefully there is a quicker more efficient way that those contributing to this issue page could get good useful tracker details ready for inclusion in Exodus.
We could create a page on the wiki with Basic and Advanced sections?

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Mar 29, 2018

you can sometimes find that info for #38 with dexdump, dedexer, dex2jar, etc. but not always. At least in my experience.

It's going to vary from tracker to tracker depending on the development workflow of the tracking company, the age of the SDK, whether some source is available, and so on.

Personally, I'm all ears to whatever the main contributors to this issue think makes sense. Wherever the info is submitted, it will need cleanup and checking.

@U039b care to weigh in on this?

seandiggity commented Mar 29, 2018

you can sometimes find that info for #38 with dexdump, dedexer, dex2jar, etc. but not always. At least in my experience.

It's going to vary from tracker to tracker depending on the development workflow of the tracking company, the age of the SDK, whether some source is available, and so on.

Personally, I'm all ears to whatever the main contributors to this issue think makes sense. Wherever the info is submitted, it will need cleanup and checking.

@U039b care to weigh in on this?

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 29, 2018

Moca

  • Website: https://www.mocaplatform.com/
  • Comment: Mobile marketing leaders use MOCA to drive mobile engagement, increase sales conversions and retention rate by connecting web, mobile and physical stores. Get everything you need to create amazing mobile experiences and get custom data analytics report.
  • Category: [Beacon, Analytics, Advertising, Location]
  • Code signature: com.innoquant.moca
  • Network signature: api-device.mocaplatform.com
  • Maven repository: https://dl.bintray.com/mocaplatform/maven
  • Artifact ID: moca-android-sdk
  • Group ID: com.mocaplatform
  • Gradle: xxx
  • Additional links: https://developer.mocaplatform.com/v2-sdk/docs/moca-android-sdk-installation https://console.mocaplatform.com
  • Notes: GCM / FCM: Cloud Messaging.

kaputnikGo commented Mar 29, 2018

Moca

  • Website: https://www.mocaplatform.com/
  • Comment: Mobile marketing leaders use MOCA to drive mobile engagement, increase sales conversions and retention rate by connecting web, mobile and physical stores. Get everything you need to create amazing mobile experiences and get custom data analytics report.
  • Category: [Beacon, Analytics, Advertising, Location]
  • Code signature: com.innoquant.moca
  • Network signature: api-device.mocaplatform.com
  • Maven repository: https://dl.bintray.com/mocaplatform/maven
  • Artifact ID: moca-android-sdk
  • Group ID: com.mocaplatform
  • Gradle: xxx
  • Additional links: https://developer.mocaplatform.com/v2-sdk/docs/moca-android-sdk-installation https://console.mocaplatform.com
  • Notes: GCM / FCM: Cloud Messaging.
@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 29, 2018

I can usually only find maven stuff on the dev docs webpages (see above for Moca - ha, found it) , and a lot of them maintain their own repos so i can't get access unless i join up as a dev.
mainly at the moment im concerned about making too much unnecessary work for @U039b and you at integrating the posts to this issue into the exodus tracker list.

kaputnikGo commented Mar 29, 2018

I can usually only find maven stuff on the dev docs webpages (see above for Moca - ha, found it) , and a lot of them maintain their own repos so i can't get access unless i join up as a dev.
mainly at the moment im concerned about making too much unnecessary work for @U039b and you at integrating the posts to this issue into the exodus tracker list.

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 30, 2018

Proximi

  • Website: https://proximi.io/
  • Comment: Proximi.io is a developer platform offering you all the positioning technologies and all features in a simple solution. Enable outdoor and indoor positioning in your app through iBeacon, Eddystone beacons, IndoorAtlas geomagnetic positioning, Wi-Fi, GPS and cellular positioning. Proximi.io is truly technology-agnostic, and committed to supporting all of the major positioning technologies. In other words, you’ll be safe with us – no matter what technologies you want to use today or tomorrow. Add geofencing with top market quality background functionality for indoor or outdoor spaces. And top it all with wayfinding and location-based analytics.
  • Category: [Beacon, Analytics, Location]
  • Code signature: io.proximi.proximiiolibrary
  • Network signature: api.proximi.fi
  • Maven repository: https://bintray.com/proximi-io/proximiio-android/proximiio-android/2.7
  • Artifact ID: proximiiolibrary
  • Group ID: io.proximi.proximiiolibrary
  • Gradle: xxx
  • Additional links: https://proximi.io/docs/android/ https://github.com/proximiio/proximiio-android-demo
  • Notes:

kaputnikGo commented Mar 30, 2018

Proximi

  • Website: https://proximi.io/
  • Comment: Proximi.io is a developer platform offering you all the positioning technologies and all features in a simple solution. Enable outdoor and indoor positioning in your app through iBeacon, Eddystone beacons, IndoorAtlas geomagnetic positioning, Wi-Fi, GPS and cellular positioning. Proximi.io is truly technology-agnostic, and committed to supporting all of the major positioning technologies. In other words, you’ll be safe with us – no matter what technologies you want to use today or tomorrow. Add geofencing with top market quality background functionality for indoor or outdoor spaces. And top it all with wayfinding and location-based analytics.
  • Category: [Beacon, Analytics, Location]
  • Code signature: io.proximi.proximiiolibrary
  • Network signature: api.proximi.fi
  • Maven repository: https://bintray.com/proximi-io/proximiio-android/proximiio-android/2.7
  • Artifact ID: proximiiolibrary
  • Group ID: io.proximi.proximiiolibrary
  • Gradle: xxx
  • Additional links: https://proximi.io/docs/android/ https://github.com/proximiio/proximiio-android-demo
  • Notes:
@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Mar 30, 2018

IndoorAtlas

  • Website: http://www.indooratlas.com/
  • Comment: Indoor positioning systems (IPS) locate people or objects inside a building using radio signals, geomagnetic fields, inertial sensor data, barometric pressure, camera data or other sensory information collected by a smartphone device or tablet.
  • Category: [Beacon, Analytics, Location, Sensors]
  • Code signature: com.indooratlas.android.sdk
  • Network signature: ipsws.indooratlas.com
  • Maven repository: http://indooratlas-ltd.bintray.com/mvn-public
  • Artifact ID: indooratlas-android-sdk
  • Group ID: com.indooratlas.android
  • Gradle: xxx
  • Additional links: https://github.com/IndoorAtlas/android-sdk-examples https://www.youtube.com/watch?v=onm3sqQ4LMo
  • Notes: SDK class files contain many newlines (100-1000) between function calls

kaputnikGo commented Mar 30, 2018

IndoorAtlas

  • Website: http://www.indooratlas.com/
  • Comment: Indoor positioning systems (IPS) locate people or objects inside a building using radio signals, geomagnetic fields, inertial sensor data, barometric pressure, camera data or other sensory information collected by a smartphone device or tablet.
  • Category: [Beacon, Analytics, Location, Sensors]
  • Code signature: com.indooratlas.android.sdk
  • Network signature: ipsws.indooratlas.com
  • Maven repository: http://indooratlas-ltd.bintray.com/mvn-public
  • Artifact ID: indooratlas-android-sdk
  • Group ID: com.indooratlas.android
  • Gradle: xxx
  • Additional links: https://github.com/IndoorAtlas/android-sdk-examples https://www.youtube.com/watch?v=onm3sqQ4LMo
  • Notes: SDK class files contain many newlines (100-1000) between function calls
@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 Mar 30, 2018

Personally, I've not touched apktool nor any other inspection tools. I've just been going with domains I know about and Google for their company, "(company name) Android sdk", searching GitHub for strings like "import com.(Company name)" to find if anyone has pulled a tracker into their own programs... junk like that.

Usually only takes a few minutes of time to get some basic info. Sometimes I do score a Maven repository url but it's hit and miss. GitHub itself has been the best source lol.

jawz101 commented Mar 30, 2018

Personally, I've not touched apktool nor any other inspection tools. I've just been going with domains I know about and Google for their company, "(company name) Android sdk", searching GitHub for strings like "import com.(Company name)" to find if anyone has pulled a tracker into their own programs... junk like that.

Usually only takes a few minutes of time to get some basic info. Sometimes I do score a Maven repository url but it's hit and miss. GitHub itself has been the best source lol.

@U039b

This comment has been minimized.

Show comment
Hide comment
@U039b

U039b Apr 1, 2018

Contributor

Hi all!!!
Thank you so much for your great job here! In order to test code signatures, I have extracted 4 234 171 unique Java class names from the 5000+ applications analyzed by εxodus. You can download the 24MB TGZ file, untar it and play like this:

grep -E "com.safegraph.|com.openlocate" uniq_list

where com.safegraph.|com.openlocate is the code signature you want to test.

I am working on the development of a collaborative platform meant to ease tracker investigation. This platform will also track all changes made on each object.

screenshot from 2018-04-01 18-25-03
screenshot-2018-4-1 change tracker django site admin

Contributor

U039b commented Apr 1, 2018

Hi all!!!
Thank you so much for your great job here! In order to test code signatures, I have extracted 4 234 171 unique Java class names from the 5000+ applications analyzed by εxodus. You can download the 24MB TGZ file, untar it and play like this:

grep -E "com.safegraph.|com.openlocate" uniq_list

where com.safegraph.|com.openlocate is the code signature you want to test.

I am working on the development of a collaborative platform meant to ease tracker investigation. This platform will also track all changes made on each object.

screenshot from 2018-04-01 18-25-03
screenshot-2018-4-1 change tracker django site admin

@kaputnikGo

This comment has been minimized.

Show comment
Hide comment
@kaputnikGo

kaputnikGo Apr 2, 2018

Lenddo

  • Website: https://www.lenddo.com/
  • Comment: See how Lenddo uses non-traditional data to provide credit scoring and verification to economically empower the emerging middle class around the world. We reinvent the consumer finance with life-changing services and give companies the ability to create positive social impact.
  • Category: [Analytics, Location, Identity]
  • Code signature: com.lenddo.mobile
  • Network signature: *.partner-service.link
  • Maven repository: xxx.xxx
  • Artifact ID: xxx
  • Group ID: xxx
  • Gradle: xxx
  • Additional links: https://github.com/Lenddo/android-lenddo
  • Notes: includes SDK com.androidhiddencamera , PSYCHOMETRICS_SERVICE_SELFIES , identification INDIA INDONESIA PHILLIPINES

kaputnikGo commented Apr 2, 2018

Lenddo

  • Website: https://www.lenddo.com/
  • Comment: See how Lenddo uses non-traditional data to provide credit scoring and verification to economically empower the emerging middle class around the world. We reinvent the consumer finance with life-changing services and give companies the ability to create positive social impact.
  • Category: [Analytics, Location, Identity]
  • Code signature: com.lenddo.mobile
  • Network signature: *.partner-service.link
  • Maven repository: xxx.xxx
  • Artifact ID: xxx
  • Group ID: xxx
  • Gradle: xxx
  • Additional links: https://github.com/Lenddo/android-lenddo
  • Notes: includes SDK com.androidhiddencamera , PSYCHOMETRICS_SERVICE_SELFIES , identification INDIA INDONESIA PHILLIPINES
@U039b

This comment has been minimized.

Show comment
Hide comment
@U039b

U039b Apr 3, 2018

Contributor

Hi @seandiggity @BillCarsonFr @jawz101 @l1git @sanpii

ETIP is now online: https://etip.exodus-privacy.eu.org/
It is a collaborative platform meant to easily create track profiles. It is more convenient than adding an issue per tracker.

Feel free to send me an email to exodus@0x39b.fr specifying your desired username + email address and I will send you a temporary password. Once registered, you will be able to freely contribute to the tracker identification process.
Cheers!

Contributor

U039b commented Apr 3, 2018

Hi @seandiggity @BillCarsonFr @jawz101 @l1git @sanpii

ETIP is now online: https://etip.exodus-privacy.eu.org/
It is a collaborative platform meant to easily create track profiles. It is more convenient than adding an issue per tracker.

Feel free to send me an email to exodus@0x39b.fr specifying your desired username + email address and I will send you a temporary password. Once registered, you will be able to freely contribute to the tracker identification process.
Cheers!

@seandiggity

This comment has been minimized.

Show comment
Hide comment
@seandiggity

seandiggity Apr 3, 2018

absolutely. awesome. thanks!

seandiggity commented Apr 3, 2018

absolutely. awesome. thanks!

@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 Apr 3, 2018

thanks. right now I'm going through that uniq_list file and removing obfuscated portions, google and android classes, and some things that look generally innocuous. Kinda interesting. Finding some stuff I hadn't seen before.

jawz101 commented Apr 3, 2018

thanks. right now I'm going through that uniq_list file and removing obfuscated portions, google and android classes, and some things that look generally innocuous. Kinda interesting. Finding some stuff I hadn't seen before.

@jawz101

This comment has been minimized.

Show comment
Hide comment
@jawz101

jawz101 Apr 27, 2018

I just went through and added/updated all of the ones I'd collected info for. Do you all expect to reanalyze the apps for any new trackers that've been identified?

And does the progress bar beside each tracker on the https://etip.exodus-privacy.eu.org site mean it won't be ready until 100% completed?

Is someone going through our entries and making fixes? Like, I know some of the gradle entries I put are probably not always going to be a particular version number and some domains are randomly generated (ex: 234234135.mobileapptracking.com or whatever) so I didn't know if they get a better rule written.

jawz101 commented Apr 27, 2018

I just went through and added/updated all of the ones I'd collected info for. Do you all expect to reanalyze the apps for any new trackers that've been identified?

And does the progress bar beside each tracker on the https://etip.exodus-privacy.eu.org site mean it won't be ready until 100% completed?

Is someone going through our entries and making fixes? Like, I know some of the gradle entries I put are probably not always going to be a particular version number and some domains are randomly generated (ex: 234234135.mobileapptracking.com or whatever) so I didn't know if they get a better rule written.

@Manu1400

This comment has been minimized.

Show comment
Hide comment
@Manu1400

Manu1400 Apr 30, 2018

Opentracker

Manu1400 commented Apr 30, 2018

Opentracker

@jawz101 jawz101 referenced this issue Jun 5, 2018

Closed

Add more trackers #91

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment