• Melco@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Sure, there is a Google developer tool called classyshark which scans the code of any installed Android app and reports every class which you can view.

    There is a version on fdroid which uses the exodusprivacy database, version (eof443) to highlight any classes which match their tracking database. If you install the fdroid version of classyshark then install the Google play or fdroid version of this app you will see the telemetry framework they added plus you can look at every class and see exactly what it does and what data it is collecting and leaking.

    In this case there is a lot of telemetry code in this app. The issue is that it appears to be opt-in and the app itself does not contain any warning or setting to allow the user to disable it. This is disappointing for an app which is advertised as being privacy respecting.

    Regarding why exodus does not show the tracking on their website, I believe the exodus website is manually maintained. 3 times in the past I found trackers in apps that were listed on exodus as being clean. The exodus guys said this typically happens when a developer adds telemetry to a new version and the site was not updated yet. Each of the 3 times they updated their website to include the trackers after I found them with classyshark and reported it.

    Anyway with classyshark you don’t need to take anyone’s word for it, you can scan your apps yourself and it works offline too so you don’t even need to send hashes to the web to check your stuff.