Exodus-Privacy / exodus-core

Core functionality of εxodus
GNU Affero General Public License v3.0

specify what a tracker does #39

Open counter-reverse opened 4 years ago

counter-reverse commented 4 years ago

Currently, exodus privacy only looks for tracker signatures and does not care about the context. As stated on the site (https://exodus-privacy.eu.org/en/page/faq/#negatives):

Our static detection method looks in applications for the presence of a defined list of trackers. If the signature of a tracker is detected in the analysis, its presence is indicated in the report. This is not a proof of activity of these trackers.

So I suggest looking for the signatures of method calls instead of looking for imports (actually, the application is looking for anything that contains trackers, but this work is in progress: https://github.com/Exodus-Privacy/exodus-core/pull/35). It will avoid triggering false positives on applications that import tracker libraries but do not use them. Of course, nothing forbids us from telling the consumer that an unused tracker is present, or from making another setting.

In the far future, we may want to use the events of the Dalvik VM to locate exactly when a tracker is called. Example: when a call in the method onResume() is found, we tell the user that each time you resume your application, tracker X takes X information.

It sounds hard but not impossible. I am more and more familiar with androguard. I am leaving you some links to the docs that may help:

https://androguard.readthedocs.io/en/latest/api/androguard.core.bytecodes.html#androguard.core.bytecodes.dvm.DalvikVMFormat.get_methods_class

to find any function declarations

https://androguard.readthedocs.io/en/latest/api/androguard.core.bytecodes.html#androguard.core.bytecodes.dvm.EncodedMethod.get_instructions

to get the instructions of this function

https://androguard.readthedocs.io/en/latest/api/androguard.core.bytecodes.html#androguard.core.bytecodes.dvm.Instruction.show_buff

to list any tracker. We have to parse.

Good luck.
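The distinction proposed in this issue, a tracker that is only bundled versus one that application code actually invokes, can be sketched as follows; this is an added example, not exodus-core code and not part of the original comment. The tracker names, class prefixes and instruction tuples are constructed, and the operand strings assume the usual text form of Dalvik invoke instructions as a disassembler would print them.

```python
import re

# Hypothetical tracker signatures (Dalvik class-name prefixes), constructed for this example.
TRACKERS = {
    "ExampleAnalytics": "Lcom/example/analytics/",
    "ExampleAds": "Lcom/example/ads/",
}

# Constructed sample: (caller class, caller method, opcode, operands), one tuple per
# instruction, shaped like the text a disassembler prints for each instruction.
SAMPLE = [
    ("Lorg/demo/app/MainActivity;", "onResume", "invoke-super",
     "v1, Landroid/app/Activity;->onResume()V"),
    ("Lorg/demo/app/MainActivity;", "onResume", "invoke-static",
     "v1, Lcom/example/analytics/Agent;->logEvent(Ljava/lang/String;)V"),
    ("Lorg/demo/app/MainActivity;", "onCreate", "const-string",
     'v0, "com.example.ads"'),
    # The ads library calls itself, but no application code calls into it.
    ("Lcom/example/ads/Loader;", "init", "invoke-virtual",
     "v0, Lcom/example/ads/Net;->fetch()V"),
]

# Target of an invoke-* instruction: "Lpkg/Class;->method("
INVOKE_TARGET = re.compile(r"(L[\w/$]+;)->([\w$<>]+)\(")

def classify(instructions, trackers=TRACKERS):
    """Return {tracker: {"present": bool, "calls": [(caller, method, target)]}}."""
    report = {name: {"present": False, "calls": []} for name in trackers}
    for caller_cls, caller_method, opcode, operands in instructions:
        for name, prefix in trackers.items():
            inside_tracker = caller_cls.startswith(prefix)
            if inside_tracker:
                report[name]["present"] = True  # library code is bundled
            if not opcode.startswith("invoke"):
                continue  # strings and other references are not calls
            m = INVOKE_TARGET.search(operands)
            if m and m.group(1).startswith(prefix):
                report[name]["present"] = True
                if not inside_tracker:  # ignore the library's internal calls
                    report[name]["calls"].append(
                        (caller_cls, caller_method, m.group(1) + "->" + m.group(2)))
    return report

def used_trackers(report):
    return sorted(n for n, r in report.items() if r["calls"])

def unused_trackers(report):
    return sorted(n for n, r in report.items() if r["present"] and not r["calls"])
```

The caller method recorded with each call (here `onResume`) is what a report would need to say when a tracker is reached; calls made through reflection would not appear as invoke targets and are missed by this approach.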