New Data Sources: API Key Identifiers and BroadcastReceiver Declarations

A central focus of the Tracking the Trackers project has been to find simple ways to detect whether a given Android APK app file contains code which tracks the user. The ideal scenario is a simple program that can scan the APK and tell a non-technical user whether it contains trackers, but as decades of experience with anti-virus and malware scanners have clearly demonstrated, scanners will always contain a large degree of approximation and guesswork. [Read More]

εxodus ETIP: The Canonical Database for Tracking Trackers

There is a new story to add to the list of horrors of Surveillance Capitalism: the United States’ Military is purchasing tracking and location data from companies that track many millions of people. We believe the best solution starts with making people aware of the problem, with tools like Exodus Privacy. Then they must have real options for stepping out of “big tech”, where tracking dominates. F-Droid provides Android apps that are reviewed for tracking and other “anti-features”, and F-Droid is built into mobile platforms like CalyxOS that are free of proprietary, big tech software. [Read More]

On the classification of tracking

This position paper tries to outline a framework for defining trackers in smart phones and lists mechanisms for identifying them. It hopes to serve as the foundation for the work done in the Tracking-the-Trackers project. In section 1 we start with an abstract analysis of levels of unwanted behaviour in the context of tracking. Next, in section 2, we focus on an attacker’s perspective, on anonymity and pseudonymity. This foundation allows us to define terms which are needed throughout the paper. [Read More]

Free Software Tooling for Android Feature Extraction

As part of the Tracking the Trackers project, we are inspecting thousands of Android apps to see what kinds of tracking we can find. We are looking at both the binary APK files as well as the source code. Source code is of course easy to inspect, since it is already a form that is meant to be read and reviewed by people. Android APK binaries are a very different story. [Read More]

"Features" for Finding Trackers

One key component of the Tracking the Trackers project is building a machine learning (ML) tool to aide humans to find tracking in Android apps. One of the most important pieces of developing a machine learning tool is figuring out which “features” should be fed to the machine learning algorithms. In this context, features are constrained data sets derived from the whole data set. In our case, the whole data set is terabytes of APKs. [Read More]

Tracking the Trackers: using machine learning to aid ethical decisions

F-Droid is a free software community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It has become the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the collection. These include Nextcloud, Tor Browser,, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. [Read More]