Closed U039b closed 5 years ago
com.intrasonics
xxx.com
xxx.com
xxx
xxx
Foresee
4seeresults.com|analytics.foresee.com|i.4see.mobi|rec.replay.answerscloud.com|foreseeresults.com|foresee.com
I don't know if I'm doing this right but here's one
Adflake
com.swrve.sdk
*content.swrve.com|*api.swrve.com
xxx.com
xxx
com.swrve
xxx
xxx
xxx.com
https://dl.bintray.com/ironsource-mobile/android-sdk
xxx
xxx
com.ironsource.sdk:mediationsdk:6.7.7@jar
com.startapp.android.publish
dts.startappservice.com|init.startappservice.com|req.startappservice.com|info.static.startappservice.com
xxx.com
xxx
xxx
com.startapp:inapp-sdk:3.7.1
com.sense360.android.quinoa.lib.Sense360
quinoa-personal-identify-prod.sense360eng.com|android-quinoa-config-prod.sense360eng.com
xxx.com
xxx
xxx
com.sense360:sense360-quinoa:2.4.1@aar
com.rfm.sdk.|com.rfm.*
ads.rubiconproject.com|stats.aws.rubiconproject.com|fastlane.rubiconproject.com|optimized-by.rubiconproject.com|pixel.rubiconproject.com|tap2-cdn.rubiconproject.com|video-ads.rubiconproject.com
xxx.com
xxx
xxx
xxx
com.appboy.
taurus.iad.appboy.com|sdk-orion.appboy.com
http://appboy.github.io/appboy-android-sdk/sdk
xxx
xxx
com.appboy:android-sdk-ui:2.2.+
com.fiksu.asotracking
a.fiksu.com|sdk.fiksu.com
xxx.com
xxx
xxx
xxx
com.crittercism.app.Crittercism
api.crittercism.com|appload.ingest.crittercism.com|txn.ingest.crittercism.com
xxx.com
crittercism-android-agent
com.crittercism
com.crittercism:crittercism-android-agent:+|com.crittercism:crittercism-android-ndk-agent:+
com.sensoro.beacon.kit. | com.sensoro.cloud
xxx.com
xxx
xxx
xxx
com.ensighten
nexus.ensighten.com
xxx.com
ensighten-android-gradle-inpath-plugin
com.ensighten.android
xxx
xxx
cdn.dynamicyield.com | px.dynamicyield.com | st.dynamicyield.com
https://dl.bintray.com/dymobile/maven/
xxx
com.dynamicyield
com.dynamicyield:DYAPISDK:3.0.5
xxx
loadus.exelator.com
http://maven.exelate.com:8081/nexus/content/groups/public/
exelate-android-sdk
com.exelate
xxx
com.kakao.adfit.ads.
analytics.ad.daum.net|statistics.videofarm.daum.net
http://devrepo.kakao.com:8088/nexus/content/groups/public/
xxx
xxx
com.kakao.adfit:ads-base:3.0.2
com.gigya.
cdn.gigya.com|cdn1.gigya.com|cdn2.gigya.com|cdn3.gigya.com|cdns.us1.gigya.com
xxx.com
xxx
xxx
xxx
com.heyzap.sdk.ads.
ads.heyzap.com|fyc.heyzap.com|med.heyzap.com|x.heyzap.com
xxx.com
xxx
xxx
xxx
com.sponsorpay
appengage-video.sponsorpay.com|cdn1.sponsorpay.com|cdn2.sponsorpay.com|cdn3.sponsorpay.com|cdn4.sponsorpay.com|engine.sponsorpay.com
https://fyber.bintray.com/maven
sponsorpay-android-sdk
com.sponsorpay
xxx
com.vungle.publisher.*
ads.api.vungle.com|api.vungle.com|cdn-lb.vungle.com
https://jitpack.io
?xxx
xxx
com.github.vungle:vungle-android-sdk:5.3.2
?com.bluekai.sdk.
stags.bluekai.com|tags.bluekai.com
xxx.com
xxx
xxx
xxx
com.apsalar.sdk.*
xxx.com
xxx.com
xxx
xxx
xxx
com.appnext.*
global.appnext.com, admin..appnext.com
url "http://dl.appnext.com/"
xxx
xxx
com.appnext.sdk:ads:2.+,com.appnext.sdk:banners:2.+,com.appnext.sdk:native-ads2:2.+
android.gms.permission.ACTIVITY_RECOGNITION android.permission.ACCESS_WIFI_STATE android.permission.READ_PHONE_STATE android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_COARSE_LOCATION android.permission.GET_TASKS android.permission.REAL_GET_TASKS android.permission.PACKAGE_USAGE_STATS android.permission.WRITE_EXTERNAL_STORAGE android.permission.CAMERA android.permission.BLUETOOTH_ADMIN
We recommend that your privacy policy contain language materially similar to the following:
"We allow third-party companies to serve ads and collect certain anonymous information when you visit our app. These companies may use anonymous information such as your Google Advertising ID, your device type and version, browsing activity, location and other technical data relating to your device, in order to provide advertisements".
com.otherlevels.android.sdk
api.otherlevels.com | rich.otherlevels.com | geodata.otherlevels.com | tags.otherlevels.com | ws.otherlevels.com | mdn.otherlevels.com
xxx.com
xxx
xxx
I wish we had this thread in a different format so we could fill in the blanks on one anothers' posts. Like the wiki tab or something.
Has anyone been able to dig into that Moat company? I can't find any information on their integration instructions out there https://moat.com. The most I have is some DNS traffic from my mobile.
apx.moatads.com
js.moatads.com
pixel.moatads.com
z.moatads.com
github searches yield imports of com.moat.analytics.mobile.* into some people's apps.
com.moat.analytics.mobile
xxx.com
xxx.com
xxx
xxx
com.openx.view.plugplay | com.openx.android_sdk_openx
xxx.com
xxx.com
xxx
xxx
if there are additions or blanks in the comments made then maybe list them in a new comment and we can go over our own and edit them accordingly?
I dunno. The wiki on here seems easier so we're not waiting on each other. And someone can easily fix even the fixes.
com.placer.
xxx
xxx
xxx
xxx
com.placer:placer:2.7.+@aar
service com.placer.client.PlacerScheduler
receiver com.placer.client.PlacerReceiver
additional SDK urls for events, surveys, whitelist:
analytics.foresee.com , i.4see.mobi , rec.replay.answerscloud.com , foreseeresults.com , foresee.com
from https://twitter.com/fs0c131y/status/977267255309463554
Website: https://clevertap.com/ Comment: "#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers" Category: Tracking Code signature: com.clevertap.android.sdk Network signature: wzrkt.com Maven repository: xxx.com Artifact ID: xxx Group ID: xxx Gradle: `` Additional links: https://github.com/CleverTap
adding to already existing listing:
com.inmobi
config.inmobi.com
https://bintray.com/inmobi/maven/inmobi-ads
inmobi-ads
com.inmobi.monetization
com.inmobi.monetization:inmobi-ads:7.0.1
com.brightcove
metrics.brightcove.com/v2/tracker
http://repo.brightcove.com/releases
xxx
xxx
xxx
com.integralads
xxx.com
xxx.com
xxx
xxx
xxx
com.pubmatic.sdk
xxx.com
https://jitpack.io
common-sdk | native-sdk | pubmatic-sdk-android
com.github.PubMatic.pubmatic-sdk-android | com.github.PubMatic
pubmatic-sdk:common-sdk
adding to already existing listing:
com.kochava.base
*.api.kochava.com | control.kochava.com
http://kochava.bintray.com/maven
tracker
com.kochava.base
com.kochava.base:tracker:x.y.z
com.freckleiot.sdk
adserver.freckleinc.com
xxx.com
xxx
xxx
xxx
Big source of companies https://www.programmableweb.com/category/mobile/sdks
great find, it will take a while to go through this resource. Btw, maybe now is a good time to figure out a more efficient way of doing this, such as your suggestion for the wiki? Also a published list of categories that we should be using, cos i been adding a few such as "identity" where the SDK is gathering and sending high level PIIs.
A feature request might be a submission form, with two options:
Lots to work on, of course, and I won't be getting to it anytime soon but it could be added to the Exodus Web UI or even just the main exodus-privacy.org website.
Because of the way i work (static analysis, apktool etc), the main problem Im finding is that i cant get the info necessary for the LibScout requirements mentioned in Issue #38 . I worry that this is causing more work down the track, so hopefully there is a quicker more efficient way that those contributing to this issue page could get good useful tracker details ready for inclusion in Exodus. We could create a page on the wiki with Basic and Advanced sections?
you can sometimes find that info for #38 with dexdump, dedexer, dex2jar, etc. but not always. At least in my experience.
It's going to vary from tracker to tracker depending on the development workflow of the tracking company, the age of the SDK, whether some source is available, and so on.
Personally, I'm all ears to whatever the main contributors to this issue think makes sense. Wherever the info is submitted, it will need cleanup and checking.
@U039b care to weigh in on this?
com.innoquant.moca
api-device.mocaplatform.com
https://dl.bintray.com/mocaplatform/maven
moca-android-sdk
com.mocaplatform
xxx
I can usually only find maven stuff on the dev docs webpages (see above for Moca - ha, found it) , and a lot of them maintain their own repos so i can't get access unless i join up as a dev. mainly at the moment im concerned about making too much unnecessary work for @U039b and you at integrating the posts to this issue into the exodus tracker list.
io.proximi.proximiiolibrary
api.proximi.fi
https://bintray.com/proximi-io/proximiio-android/proximiio-android/2.7
proximiiolibrary
io.proximi.proximiiolibrary
xxx
com.indooratlas.android.sdk
ipsws.indooratlas.com
http://indooratlas-ltd.bintray.com/mvn-public
indooratlas-android-sdk
com.indooratlas.android
xxx
Personally, I've not touched apktool nor any other inspection tools. I've just been going with domains I know about and Google for their company, "(company name) Android sdk", searching GitHub for strings like "import com.(Company name)" to find if anyone has pulled a tracker into their own programs... junk like that.
Usually only takes a few minutes of time to get some basic info. Sometimes I do score a Maven repository url but it's hit and miss. GitHub itself has been the best source lol.
Hi all!!!
Thank you so much for your great job here! In order to test code signatures, I have extracted 4 234 171
unique Java class names from the 5000+ applications analyzed by εxodus. You can download the 24MB TGZ file, untar it and play like this:
grep -E "com.safegraph.|com.openlocate" uniq_list
where com.safegraph.|com.openlocate
is the code signature you want to test.
I am working on the development of a collaborative platform meant to ease tracker investigation. This platform will also track all changes made on each object.
com.lenddo.mobile
*.partner-service.link
xxx.xxx
xxx
xxx
xxx
In https://reports.exodus-privacy.eu.org/reports/37/:
com/applovin/adview/AppLovinInterstitialAdDialog
com/avocarrot/sdk/nativeassets/model/NativeAdData
com/appnext/ads/
com/inlocomedia/android/ads/AdType
com/moat/analytics/mobile/aol/NativeVideoTracker
com/mopub/common/GpsHelper
com/nativex/monetization/mraid/objects/CurrentPosition
com/unity3d/ads/android/UnityAds
com/vungle/publisher/AdConfig
com/youappi/ai/sdk/YouAPPi
Why the fuck this application requiresorg/apache/commons/math3/optimization
?