Identify new trackers

[U039b]

In https://reports.exodus-privacy.eu.org/reports/37/:

• com/applovin/adview/AppLovinInterstitialAdDialog
• com/avocarrot/sdk/nativeassets/model/NativeAdData
• com/appnext/ads/
• com/inlocomedia/android/ads/AdType
• com/moat/analytics/mobile/aol/NativeVideoTracker
• com/mopub/common/GpsHelper
• com/nativex/monetization/mraid/objects/CurrentPosition
• com/unity3d/ads/android/UnityAds
• com/vungle/publisher/AdConfig
• com/youappi/ai/sdk/YouAPPi Why the fuck this application requires org/apache/commons/math3/optimization?

[kaputnikGo]

Intrasonics

• Website: http://www.intrasonics.com/
• Comment: We provide broadcast grade audio watermarking technology all over the world. Some of the things we make possible... National Audience Research, Measuring Advertising Reach, Synchronised Apps for TV, Radio & Cinema, Loyalty Schemes for Brands and Broadcasters, Interactive Toys & Wearables
• Category: Analytics, Tracking, Audio Watermarking, Location.
• Code signature: com.intrasonics
• Network signature: xxx.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: ``
• Additional links: http://www.intrasonics.com/sdks/ https://bundles.intrasonics.com https://portal.intrasonics.com/ http://contentserver-dev.intrasonics.com
• Notes: web browser SDK, RT watermark encoding hardware/software. "People find the idea of apps that might be listening with the microphone while running in the background a bit spooky."

[jawz101]

Foresee

• Website: https://www.foresee.com
• Comment:
• Category: Analytics
• Code signature: com.foresee.sdk.ForeSee
• Network signature: 4seeresults.com|analytics.foresee.com|i.4see.mobi|rec.replay.answerscloud.com|foreseeresults.com|foresee.com
• Maven repository: http://foreseemobile.bintray.com/Android/
• Artifact ID:
• Group ID: com.foresee
• Gradle: com.foresee.sdk:sdk:+
• Additional links: https://developer.foresee.com/docs/android-sdk https://github.com/foreseecode/foresee-sdk-android-samples
• Notes: Replay allows clients to record how a user interacts with an application. The application’s screen is recorded along with gestures, such as taps and swipes, which together are used to produce a movie on ForeSee's servers. Replay is dependent on Trigger. Only users that have opted to participate in a satisfaction survey have their recordings sent to the servers.

I don't know if I'm doing this right but here's one

[jawz101]

Adflake

• Website: http://www.made-apps.com/
• Comment:
• Category: Advertising
• Code signature: com.adflake
• Network signature: metrics.adflake.com
• Maven repository:
• Artifact ID:
• Group ID:
• Gradle:
• Additional links: https://github.com/MADEAPPS/AdFlake-Client-Android www.adflake.com/sdk
• Notes: old?

[jawz101]

Adform

• Website: https://site.adform.com
• Comment:
• Category: Advertising
• Code signature: com.adform.sdk
• Network signature: track.adform.net
• Maven repository: https://github.com/adform/adform-android-sdk/raw/master/releases/
• Artifact ID:
• Group ID:
• Gradle: com.adform.advertising.sdk:advertising-sdk:2.7.2@aar
• Additional links: https://github.com/adform/adform-android-sdk
• Notes:

[jawz101]

Adfurikun

• Website: https://adfurikun.jp/adfurikun/
• Comment:
• Category: Advertising
• Code signature: jp.tjkapp.adfurikunsdk
• Network signature: ginf.adfurikun.jp|adfurikun.jp
• Maven repository:
• Artifact ID:
• Group ID:
• Gradle:
• Additional links: https://docs.adfurikun.jp/movie/android/2.7.1/
• Notes: I can't read Japanese

[jawz101]

Smart Ad Server

• Website: http://smartadserver.com
• Comment:
• Category: Advertising
• Code signature: com.smartadserver
• Network signature: adsrvr.org
• Maven repository: https://packagecloud.io/smartadserver/android/maven2
• Artifact ID:
• Group ID:
• Gradle: com.smartadserver.android:smart-instream-sdk:1.0.0@aar|com.smartadserver.android:smart-core-sdk:1.0.0@aar
• Additional links: https://github.com/smartadserver/SAS-DFP-Adapter-Android http://help.smartadserver.com/en/ http://documentation.smartadserver.com/instreamSDK/
• Notes:

[jawz101]

Swrve

• Website: https://www.swrve.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.swrve.sdk
• Network signature: *content.swrve.com|*api.swrve.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: com.swrve
• Gradle: xxx
• Additional links: https://github.com/Swrve/swrve-android-sdk
• Notes: xxx

Iron Source

• Website: https://www.ironsrc.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: xxx
• Network signature: xxx.com
• Maven repository: https://dl.bintray.com/ironsource-mobile/android-sdk
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.ironsource.sdk:mediationsdk:6.7.7@jar
• Additional links: https://developers.ironsrc.com/ironsource-mobile/android/android-sdk/
• Notes: xxx

Startapp

• Website: https://www.startapp.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.startapp.android.publish
• Network signature: dts.startappservice.com|init.startappservice.com|req.startappservice.com|info.static.startappservice.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.startapp:inapp-sdk:3.7.1
• Additional links: https://developers.startapp.com/ https://github.com/StartApp-SDK/StartApp_InApp_SDK_Example
• Notes: xxx

[jawz101]

Sense360

• Website: https://sense360.com/
• Comment: At the core of our research is our sensor-technology which uses the mobile sensors built into smartphones to understand a user’s location and activity. We have trained our algorithms with hundreds of thousands of labeled data points and incorporate data from GPS, accelerometer, gyroscope, barometer, wifi, ambient light, and many other sensors. This provides us with an anonymous, but highly accurate understanding of where, how, and when people interact with physical locations and businesses. Sense360’s sensor-technology is on dozens of apps and more than 2 million devices in the US. Our panel generates more than a terabyte of sensor data every single day and provides a detailed view of more than 150 million anonymous user visits a month.
• Category: [Analytics, Advertising]
• Code signature: com.sense360.android.quinoa.lib.Sense360
• Network signature: quinoa-personal-identify-prod.sense360eng.com|android-quinoa-config-prod.sense360eng.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.sense360:sense360-quinoa:2.4.1@aar
• Additional links: https://github.com/Sense360 https://sense360.com/documentation.php?android
• Notes: Holy s***. Had to dig around on github to find people using it in their code to glean some info

[jawz101]

Rubicon Project

• Website: https://rubiconproject.com
• Comment: xxxx
• Category:
• Code signature: com.rfm.sdk.|com.rfm.*
• Network signature: ads.rubiconproject.com|stats.aws.rubiconproject.com|fastlane.rubiconproject.com|optimized-by.rubiconproject.com|pixel.rubiconproject.com|tap2-cdn.rubiconproject.com|video-ads.rubiconproject.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: http://sdk.rubiconproject.com/Android/index.html https://github.com/rubicon-project/RFMAdSDK-Android
• Notes: xxx

[jawz101]

Appboy (bought by Braze)

• Website: https://www.braze.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.appboy.
• Network signature: taurus.iad.appboy.com|sdk-orion.appboy.com
• Maven repository: http://appboy.github.io/appboy-android-sdk/sdk
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.appboy:android-sdk-ui:2.2.+
• Additional links: http://documentation.braze.com/ https://github.com/Appboy/appboy-android-sdk
• Notes: xxx

[jawz101]

Fiksu

• Website: https://fiksu.com
• Comment: Fiksu DSP joins a massive, proprietary dataset with powerful segmentation tools to target and retain high-quality mobile audiences
• Category: [Analytics, Advertising]
• Code signature: com.fiksu.asotracking
• Network signature: a.fiksu.com|sdk.fiksu.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://support.fiksu.com https://support.fiksu.com/display/FID/Android+Native+SDK+Integration+Instructions
• Notes: xxx

[jawz101]

Apteligent by VMWare (formerly crittercism)

• Website: http://www.apteligent.com
• Comment: Capture real time event data from key user flows in your app: screen load time, network events, crash reports, and more. Track key metrics, improve your app release-over-release, and focus on issues that matter to your users. Leverage billions of data points about the mobile ecosystem to benchmark your app and make data-driven decisions.
• Category: [Analytics, Advertising]
• Code signature: com.crittercism.app.Crittercism
• Network signature: api.crittercism.com|appload.ingest.crittercism.com|txn.ingest.crittercism.com
• Maven repository: xxx.com
• Artifact ID: crittercism-android-agent
• Group ID: com.crittercism
• Gradle: com.crittercism:crittercism-android-agent:+|com.crittercism:crittercism-android-ndk-agent:+
• Additional links: https://docs.apteligent.com/android/android.html
• Notes: xxx

[jawz101]

Sensoro

• Website: https://www.sensoro.com/
• Comment: SENSORO is committed to the convergence of the physical and digital world through the application of sensing technologies. SENSORO’s Alpha Product Suite delivers a comprehensive solution for implementing an easily managed and monitored IoT sensor network.
• Category: [Beacon]
• Code signature: com.sensoro.beacon.kit. | com.sensoro.cloud
• Network signature: xxxx
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://www.sensoro.com/en/developer https://github.com/Sensoro/SDK-Android
• Notes: I've seen this in a points app for a franchise store so I assume they deploy Bluetooth beacons onsite for store promos. Also, I can disable all permissions for the app except modify system settings. If it's disabled the app force closes. It's the only app I've ever seen that happen with and I assume it's something to do with accessing your Bluetooth.

[jawz101]

Ensighten

• Website: https://www.ensighten.com
• Comment: Gain valuable insights into how consumers engage with your mobile app; unify app and web analytics through one platform. The way Ensighten Mobile works is that it allows marketers to insert a single line of code into their mobile apps. Within 15 minutes, it then compiles a mobile app library and submits it to app marketplaces for iOS, Android, or Windows Phone 8. So when marketers do want to go in and make changes to a mobile app, they can do that basically immediately – making testing and optimization a lot faster.
• Category: [Analytics, Advertising]
• Code signature: com.ensighten
• Network signature: nexus.ensighten.com
• Maven repository: xxx.com
• Artifact ID: ensighten-android-gradle-inpath-plugin
• Group ID: com.ensighten.android
• Gradle: xxx
• Additional links: https://github.com/Ensighten https://www.ensighten.com/wp-content/uploads/2017/01/Ensighten-Mobile-Marketing-Agility-without-an-SDK.pdf
• Notes: Says they do it without an SDK so the network signature is the most I've seen.

[jawz101]

Dynamic Yield

• Website: https://www.dynamicyield.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: xxx
• Network signature: cdn.dynamicyield.com | px.dynamicyield.com | st.dynamicyield.com
• Maven repository: https://dl.bintray.com/dymobile/maven/
• Artifact ID: xxx
• Group ID: com.dynamicyield
• Gradle: com.dynamicyield:DYAPISDK:3.0.5
• Additional links: https://github.com/dynamicyield https://bintray.com/dymobile
• Notes: xxx

[jawz101]

Exelate (A Nielsen Company)

• Website: www.exelator.com redirects to http://www.exelate.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: xxx
• Network signature: loadus.exelator.com
• Maven repository: http://maven.exelate.com:8081/nexus/content/groups/public/
• Artifact ID: exelate-android-sdk
• Group ID: com.exelate
• Gradle: xxx
• Additional links: xxx xxx
• Notes: had to look up some gists where someone was writing notes about integration curl -o exelate-android-sdk.apklib -u public:exelate -L "http://maven.exelate.com:8081/nexus/service/local/artifact/maven/redirect?r=exelate-mobile&g=com.exelate&a=exelate-android-sdk&v=LATEST&e=apklib"

[jawz101]

AdFit (Daum)

• Website: https://www.daum.net
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.kakao.adfit.ads.
• Network signature: analytics.ad.daum.net|statistics.videofarm.daum.net
• Maven repository: http://devrepo.kakao.com:8088/nexus/content/groups/public/
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.kakao.adfit:ads-base:3.0.2
• Additional links: https://developers.daum.net/services https://github.com/adfit/adfit-android-sdk/
• Notes: xxx

[jawz101]

Gigya

• Website: https://www.gigya.com
• Comment: 700 leading companies trust Gigya to turn unknown online visitors into known, loyal customers, with the industry’s number one customer identity management platform.
• Category: [Identity Management, Analytics]
• Code signature: com.gigya.
• Network signature: cdn.gigya.com|cdn1.gigya.com|cdn2.gigya.com|cdn3.gigya.com|cdns.us1.gigya.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://developers.gigya.com/display/GD/Android https://github.com/gigya
• Notes: gigya-sdk-3.3.14.jar, several geographic activation servers, I don't know if this will find anything. Gigya is a 3rd party identity mgmt platform. Per the whitepaper on that site, Gigya is used by apps to handle their authentication. While possibly legitimate, the user would not know that an app uses a 3rd party svc to authenticate. Their privacy policy seems ok. They also offer analytics and customer insight/demographics stuff for their customers.

[jawz101]

Heyzap (bought by Fyber)

• Website: https://www.heyzap.com/
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.heyzap.sdk.ads.
• Network signature: ads.heyzap.com|fyc.heyzap.com|med.heyzap.com|x.heyzap.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://developers.heyzap.com/docs/android_sdk_setup_and_requirements https://github.com/Heyzap
• Notes: Since it's a part of Fyber now, I don't know if the code signature and network signature should just be added to Fyber's detections or what.

SponsorPay (bought by Fyber)

• Website: https://sponsorpay.com (redirects to Fyber.com)
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.sponsorpay
• Network signature: appengage-video.sponsorpay.com|cdn1.sponsorpay.com|cdn2.sponsorpay.com|cdn3.sponsorpay.com|cdn4.sponsorpay.com|engine.sponsorpay.com
• Maven repository: https://fyber.bintray.com/maven
• Artifact ID: sponsorpay-android-sdk
• Group ID: com.sponsorpay
• Gradle: xxx
• Additional links: https://github.com/sponsorpay (redirects to Fyber's repo)
• Notes: I don't know if the network signatures should just be included in Fyber's or show them as separate?)

[jawz101]

Vungle

• Website: https://vungle.com
• Comment: xxxx
• Category: [Analytics, Advertising]
• Code signature: com.vungle.publisher.*
• Network signature: ads.api.vungle.com|api.vungle.com|cdn-lb.vungle.com
• Maven repository: https://jitpack.io ?
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.github.vungle:vungle-android-sdk:5.3.2 ?
• Additional links: https://support.vungle.com/hc/en-us https://github.com/Vungle/Android-SDK
• Notes: xxx

[jawz101]

BlueKai (acquired by Oracle)

• Website: http://bluekai.com/registry/
• Comment: Oracle helps increase transparency by showing you what types of interest segments are collected by the Oracle Data Cloud for use in interest-based advertising. Click here for more information about Oracle Data Cloud interest-based advertising, including information on how to opt-out.
• Category: [Analytics]
• Code signature: com.bluekai.sdk.
• Network signature: stags.bluekai.com|tags.bluekai.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://docs.oracle.com/cloud/latest/marketingcs_gs/OMCDA/IntegratingBlueKaiPlatform/MobileIntegrations/android_sdk.html
• Notes: little information. Just reading their sdk readme.md in the above link. May be web traffic domains for the network signature so it may be better to regex.

[jawz101]

Apsalar

• Website: https://apsalar.com
• Comment: To get the most out of your first-party data, you need outstanding business and user capabilities. The Apsalar Mobile Marketing Cloud offers everything you need to take your marketing programs to even greater heights. With a data lookback of up to 2 years, and the most advanced cohorting capabilities in the mobile app category, you’ll understand the true business value of your programs, and identify the key characteristics of your best users and customers. Our easy-to-use tools give you the power to both understand your results and formulate plans for future success.
• Category: [Analytics]
• Code signature: com.apsalar.sdk.*
• Network signature: xxx.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: http://support.apsalar.com/customer/en/portal/articles/2827278-integrating-the-android-sdk xxx
• Notes: xxx

[BillCarsonFr]

AppNext

• Website: https://www.appnext.com/
• Comment: Helping People Experience Apps at the Right Moments Throughout the Day
• Category: [Advertising, User acquisition]
• Code signature: com.appnext.*
• Network signature: global.appnext.com, admin..appnext.com
• Maven repository: url "http://dl.appnext.com/"
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.appnext.sdk:ads:2.+,com.appnext.sdk:banners:2.+,com.appnext.sdk:native-ads2:2.+
• Additional links: https://www.appnext.com/about-us/
• Notes: From the developer site: App Permissions The Appnext SDK uses the permissions granted to your app in order to improve campaigns targeting, and in order to suggest the most relevant apps to your users. We highly recommend that your app request the following permissions so we can better suggest apps to your users, and serve premium campaign types in your app:

android.gms.permission.ACTIVITY_RECOGNITION android.permission.ACCESS_WIFI_STATE android.permission.READ_PHONE_STATE android.permission.ACCESS_FINE_LOCATION android.permission.ACCESS_COARSE_LOCATION android.permission.GET_TASKS android.permission.REAL_GET_TASKS android.permission.PACKAGE_USAGE_STATS android.permission.WRITE_EXTERNAL_STORAGE android.permission.CAMERA android.permission.BLUETOOTH_ADMIN

We recommend that your privacy policy contain language materially similar to the following:

"We allow third-party companies to serve ads and collect certain anonymous information when you visit our app. These companies may use anonymous information such as your Google Advertising ID, your device type and version, browsing activity, location and other technical data relating to your device, in order to provide advertisements".

[kaputnikGo]

OtherLevels

• Website: https://www.otherlevels.com/
• Comment: OtherLevels provides the platform and the knowledge to help you increase conversion and deliver the right content, to the right user, at the right time, on the right channel. Engage and retain your customers better, with relevant, omni-channel campaigns across mobile app, mobile web and desktop.
• Category: Tracking, Location, Messaging, Advertising.
• Code signature: com.otherlevels.android.sdk
• Network signature: api.otherlevels.com | rich.otherlevels.com | geodata.otherlevels.com | tags.otherlevels.com | ws.otherlevels.com | mdn.otherlevels.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: ``
• Additional links: https://www.otherlevels.com/partners/ https://beacons.otherlevels.com/ https://github.com/OtherLevels
• Notes: recent promotions of In-Play Messaging Solution for gambling and betting companies.

[jawz101]

I wish we had this thread in a different format so we could fill in the blanks on one anothers' posts. Like the wiki tab or something.

Has anyone been able to dig into that Moat company? I can't find any information on their integration instructions out there https://moat.com. The most I have is some DNS traffic from my mobile.

apx.moatads.com
js.moatads.com
pixel.moatads.com
z.moatads.com

github searches yield imports of com.moat.analytics.mobile.* into some people's apps.

[kaputnikGo]

Moat

• Website: https://moat.com/
• Comment: Because Moat Pro is designed to display advertisements, we recommend that you disable your ad blocker before you continue browsing. Moat measures real-time Attention Analytics over 33 billion times per day
• Category: Analytics, Tracking, Location, Beacon.
• Code signature: com.moat.analytics.mobile
• Network signature: xxx.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: ``
• Additional links: example js bridge: http://js.moatads.com/forbes274355/moatad.js https://v4.moatads.com/pixel.gif || NEW -> https://cdn.krxd.net/partnerjs/segments_to_partner.js https://z.moatads.com/px2/client.js , //bn.pixel.moatads.com/pixel.gif , https://geo.moatads.com/n.js
• Notes: Moat Analytics SDK Version 2.2.0, json reports as gcm via Firebase, native display tracking with partner code (aer, aol, ina, inm, mpub, vng), webview JavaScript Bridge, partner.js has list of clients and partners, listens for ads via BTLE : https://webbluetoothcg.github.io/web-bluetooth/#bluetoothdevice , also webkitSpeechGrammar.name : speech recognition and synthesis. Their periscope tool is here: https://z.moatads.com/swf/p6.v3.swf (1px video tracker, offscreen)

[kaputnikGo]

OpenX

• Website: https://www.openx.com/
• Comment: Creating Quality Programmatic Advertising Markets That Drive Superior Monetization for Publishers & App Developers
• Category: Advertising, Analytics, Bidding, Identity, Location.
• Code signature: com.openx.view.plugplay | com.openx.android_sdk_openx
• Network signature: xxx.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: ``
• Additional links: https://docs.openx.com/Content/developers/android-sdk/android-sdk.html https://docs.openx.com/Content/developers/containers/prebid-adapter.html https://community.openx.com/s/article/Mobile-SDK-Integration-Instructions
• Notes: MRAID compliance

[kaputnikGo]

if there are additions or blanks in the comments made then maybe list them in a new comment and we can go over our own and edit them accordingly?

[jawz101]

I dunno. The wiki on here seems easier so we're not waiting on each other. And someone can easily fix even the fixes.

[jawz101]

Placer

• Website: https://placer.io/
• Comment: Placer provides instant access to location insights derived from foot-traffic of millions of consumers, delivering visibility into offline behavior. Our highly efficient SDK runs 24/7 in the background, identifying location visits while consuming less than 2% battery/day.
• Category: [Analytics, Beacon]
• Code signature: com.placer.
• Network signature: xxx
• Maven repository: xxx
• Artifact ID: xxx
• Group ID: xxx
• Gradle: com.placer:placer:2.7.+@aar
• Additional links: https://placer.readme.io/docs/android
• Notes:

service com.placer.client.PlacerScheduler

receiver com.placer.client.PlacerReceiver

android.intent.action.BOOT_COMPLETED android.intent.action.USER_PRESENT com.placer.action.ENABLE_PLACER com.placer.action.DISABLE_PLACER provider com.placer.library.tray.provider.TrayContentProvider

[kaputnikGo]

Foresee

additional SDK urls for events, surveys, whitelist:

analytics.foresee.com , i.4see.mobi , rec.replay.answerscloud.com , foreseeresults.com , foresee.com

[l1git]

from https://twitter.com/fs0c131y/status/977267255309463554

Website: https://clevertap.com/ Comment: "#CleverTap is the next generation app engagement platform. It enables marketers to identify, engage and retain users and provides developers" Category: Tracking Code signature: com.clevertap.android.sdk Network signature: wzrkt.com Maven repository: xxx.com Artifact ID: xxx Group ID: xxx Gradle: `` Additional links: https://github.com/CleverTap

[kaputnikGo]

adding to already existing listing:

InMobi

• Website: https://www.inmobi.com/
• Comment: We pioneer mobile discovery through personalized advertising experiences, enabling consumers to discover new products and services through contextual and curated recommendations on mobile devices.
• Category: [Analytics, Advertising, Identity, Location, Telemetry]
• Code signature: com.inmobi
• Network signature: config.inmobi.com
• Maven repository: https://bintray.com/inmobi/maven/inmobi-ads
• Artifact ID: inmobi-ads
• Group ID: com.inmobi.monetization
• Gradle: com.inmobi.monetization:inmobi-ads:7.0.1
• Additional links: sdkm.w.inmobi.com/metrics/ , http://www.inmobi.com/products/sdk/#downloads , https://www.inmobi.com/sdk https://github.com/InMobi/sdk-sample-code-android
• Notes: iOS and Android SDK, Integration with Unity and Cocos2D, Moat bridge, enum Ethnicity Education Gender AgeGroup HouseHoldIncome Interests etc, latest SDK 7.0.4

[kaputnikGo]

Brightcove

• Website: https://www.brightcove.com
• Comment: Identify your best content and uncover actionable audience behaviors with comprehensive analytics and reporting. Dive into your viewer’s engagement data at an individual level with Brightcove’s advanced profile analytics.
• Category: [Analytics, Identity, Location]
• Code signature: com.brightcove
• Network signature: metrics.brightcove.com/v2/tracker
• Maven repository: http://repo.brightcove.com/releases
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://www.brightcove.com/en/online-video-platform/analytics https://www.brightcove.com/en/partners?pages=2 https://support.brightcove.com/ https://github.com/BrightcoveOS/android-player-samples
• Notes: Video delivery, DRM, Video Streaming, Monetization, partner integration

[kaputnikGo]

Integral Ad Science

• Website: https://integralads.com/
• Comment: Through innovation, key partnerships, and strong customer relationships, we’re driving the industry toward realizing the full potential of digital advertising. We’ve been first to break down walls to measure ad fraud and verify viewability on Facebook, Twitter and YouTube.
• Category: [Analytics, Advertising]
• Code signature: com.integralads
• Network signature: xxx.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://integralads.com/uk/site-indexing-policy/ https://github.com/integralads http://50.60.132.101/IABAPI/iab/api/ https://mobile-static.adsafeprotected.com/avid-v2.js
• Notes: integrates with partner advertisers, web crawler User-agents: ia_archiver | ias_crawler | Nutch/2.2.1 , javascript injector, video ad session tracking

[kaputnikGo]

PubMatic

• Website: https://pubmatic.com/
• Comment: With a modular tech stack that can be customized for each client, PubMatic empowers publishers and media buyers with powerful solutions across channel, screen and format to meet their unique needs.
• Category: [Analytics, Advertising, Location, Identity]
• Code signature: com.pubmatic.sdk
• Network signature: xxx.com
• Maven repository: https://jitpack.io
• Artifact ID: common-sdk | native-sdk | pubmatic-sdk-android
• Group ID: com.github.PubMatic.pubmatic-sdk-android | com.github.PubMatic
• Gradle: pubmatic-sdk:common-sdk
• Additional links: https://community.pubmatic.com/community/developers/pages/sdks https://github.com/PubMatic/pubmatic-sdk-android/wiki/Passing-Targeting-Information http://showads.pubmatic.com/AdServer/AdServerServlet
• Notes: supported networks Facebook and MoPub, webview DEFAULT_USER_AGENT = "PubMaticAdSDK/"

[kaputnikGo]

adding to already existing listing:

Kochava

• Website: https://www.kochava.com
• Comment: Kochava is the industry leader for mobile attribution and analytics, helping top brands harness their data for growth. Kochava is introducing the XCHNG Platform to equip the digital advertising ecosystem with an open and unified blockchain framework
• Category: [Analytics, Advertising, Location, Identity]
• Code signature: com.kochava.base
• Network signature: *.api.kochava.com | control.kochava.com
• Maven repository: http://kochava.bintray.com/maven
• Artifact ID: tracker
• Group ID: com.kochava.base
• Gradle: com.kochava.base:tracker:x.y.z
• Additional links:
• Notes: Gradle:tracker:x.y.z == version number (latest 3.3.1), checks for root/su

[kaputnikGo]

Freckle IoT

• Website: https://freckleiot.com/
• Comment: Freckle IoT is the global leader in multi-touch, offline attribution. Our proprietary cross device solution supports all media verticals including mobile, desktop, social, radio, search, TV and out of home. Using opted-in, first-party data, Freckle IoT helps brands measure the effectiveness of their advertising by independently matching media spend to in-store visits while remaining media agnostic.
• Category: [Beacon, Analytics, Advertising, Location]
• Code signature: com.freckleiot.sdk
• Network signature: adserver.freckleinc.com
• Maven repository: xxx.com
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://www.neilsweeney.ceo/news/
• Notes: "We increasingly have brands saying to us… 'I want to know data collection on Wendy's, Burger King and Starbucks and I want their first-party data and I want to actually mine that data." "Retailers want to know what is going on in their stores, but they also want to know what is going on in competitors’ stores. You can’t solve that with beacons." , uses Virtual Beacons - place virtual beacon in competitors' stores.

[jawz101]

Big source of companies https://www.programmableweb.com/category/mobile/sdks

[kaputnikGo]

great find, it will take a while to go through this resource. Btw, maybe now is a good time to figure out a more efficient way of doing this, such as your suggestion for the wiki? Also a published list of categories that we should be using, cos i been adding a few such as "identity" where the SDK is gathering and sending high level PIIs.

[seandiggity]

A feature request might be a submission form, with two options:

• "Basic": a person just has some ideas or a general description of the tracker, what apps it might be in, etc.
• "Advanced": form fields that mirror the format in this Issue, and the eventual JSON format that the tracker db uses.

Lots to work on, of course, and I won't be getting to it anytime soon but it could be added to the Exodus Web UI or even just the main exodus-privacy.org website.

[kaputnikGo]

Because of the way i work (static analysis, apktool etc), the main problem Im finding is that i cant get the info necessary for the LibScout requirements mentioned in Issue #38 . I worry that this is causing more work down the track, so hopefully there is a quicker more efficient way that those contributing to this issue page could get good useful tracker details ready for inclusion in Exodus. We could create a page on the wiki with Basic and Advanced sections?

[seandiggity]

you can sometimes find that info for #38 with dexdump, dedexer, dex2jar, etc. but not always. At least in my experience.

It's going to vary from tracker to tracker depending on the development workflow of the tracking company, the age of the SDK, whether some source is available, and so on.

Personally, I'm all ears to whatever the main contributors to this issue think makes sense. Wherever the info is submitted, it will need cleanup and checking.

@U039b care to weigh in on this?

[kaputnikGo]

Moca

• Website: https://www.mocaplatform.com/
• Comment: Mobile marketing leaders use MOCA to drive mobile engagement, increase sales conversions and retention rate by connecting web, mobile and physical stores. Get everything you need to create amazing mobile experiences and get custom data analytics report.
• Category: [Beacon, Analytics, Advertising, Location]
• Code signature: com.innoquant.moca
• Network signature: api-device.mocaplatform.com
• Maven repository: https://dl.bintray.com/mocaplatform/maven
• Artifact ID: moca-android-sdk
• Group ID: com.mocaplatform
• Gradle: xxx
• Additional links: https://developer.mocaplatform.com/v2-sdk/docs/moca-android-sdk-installation https://console.mocaplatform.com
• Notes: GCM / FCM: Cloud Messaging.

[kaputnikGo]

I can usually only find maven stuff on the dev docs webpages (see above for Moca - ha, found it) , and a lot of them maintain their own repos so i can't get access unless i join up as a dev. mainly at the moment im concerned about making too much unnecessary work for @U039b and you at integrating the posts to this issue into the exodus tracker list.

[kaputnikGo]

Proximi

• Website: https://proximi.io/
• Comment: Proximi.io is a developer platform offering you all the positioning technologies and all features in a simple solution. Enable outdoor and indoor positioning in your app through iBeacon, Eddystone beacons, IndoorAtlas geomagnetic positioning, Wi-Fi, GPS and cellular positioning. Proximi.io is truly technology-agnostic, and committed to supporting all of the major positioning technologies. In other words, you’ll be safe with us – no matter what technologies you want to use today or tomorrow. Add geofencing with top market quality background functionality for indoor or outdoor spaces. And top it all with wayfinding and location-based analytics.
• Category: [Beacon, Analytics, Location]
• Code signature: io.proximi.proximiiolibrary
• Network signature: api.proximi.fi
• Maven repository: https://bintray.com/proximi-io/proximiio-android/proximiio-android/2.7
• Artifact ID: proximiiolibrary
• Group ID: io.proximi.proximiiolibrary
• Gradle: xxx
• Additional links: https://proximi.io/docs/android/ https://github.com/proximiio/proximiio-android-demo
• Notes:

[kaputnikGo]

IndoorAtlas

• Website: http://www.indooratlas.com/
• Comment: Indoor positioning systems (IPS) locate people or objects inside a building using radio signals, geomagnetic fields, inertial sensor data, barometric pressure, camera data or other sensory information collected by a smartphone device or tablet.
• Category: [Beacon, Analytics, Location, Sensors]
• Code signature: com.indooratlas.android.sdk
• Network signature: ipsws.indooratlas.com
• Maven repository: http://indooratlas-ltd.bintray.com/mvn-public
• Artifact ID: indooratlas-android-sdk
• Group ID: com.indooratlas.android
• Gradle: xxx
• Additional links: https://github.com/IndoorAtlas/android-sdk-examples https://www.youtube.com/watch?v=onm3sqQ4LMo
• Notes: SDK class files contain many newlines (100-1000) between function calls

[jawz101]

Personally, I've not touched apktool nor any other inspection tools. I've just been going with domains I know about and Google for their company, "(company name) Android sdk", searching GitHub for strings like "import com.(Company name)" to find if anyone has pulled a tracker into their own programs... junk like that.

Usually only takes a few minutes of time to get some basic info. Sometimes I do score a Maven repository url but it's hit and miss. GitHub itself has been the best source lol.

[U039b]

Hi all!!! Thank you so much for your great job here! In order to test code signatures, I have extracted 4 234 171 unique Java class names from the 5000+ applications analyzed by εxodus. You can download the 24MB TGZ file, untar it and play like this:

grep -E "com.safegraph.|com.openlocate" uniq_list

where com.safegraph.|com.openlocate is the code signature you want to test.

I am working on the development of a collaborative platform meant to ease tracker investigation. This platform will also track all changes made on each object.

[kaputnikGo]

Lenddo

• Website: https://www.lenddo.com/
• Comment: See how Lenddo uses non-traditional data to provide credit scoring and verification to economically empower the emerging middle class around the world. We reinvent the consumer finance with life-changing services and give companies the ability to create positive social impact.
• Category: [Analytics, Location, Identity]
• Code signature: com.lenddo.mobile
• Network signature: *.partner-service.link
• Maven repository: xxx.xxx
• Artifact ID: xxx
• Group ID: xxx
• Gradle: xxx
• Additional links: https://github.com/Lenddo/android-lenddo
• Notes: includes SDK com.androidhiddencamera , PSYCHOMETRICS_SERVICE_SELFIES , identification INDIA INDONESIA PHILLIPINES