privacytools / privacytools.io

🛡🛠 You are being watched. Protect your privacy against global mass surveillance.
https://www.privacyguides.org
Creative Commons Zero v1.0 Universal
3.12k stars 384 forks source link

🆕 Software Suggestion | Exodus Privacy #747

Open wonnetz opened 5 years ago

wonnetz commented 5 years ago

Basic Information

Name: Exodus Privacy Category: Android Privacy Add-Ons Website: https://exodus-privacy.eu.org/en/ Google Play Store: https://play.google.com/store/apps/details?id=org.eu.exodus_privacy.exodusprivacy

Description

εxodus analyzes Android applications in order to list the embedded trackers. A tracker is a piece of software meant to collect data about you or your usages. So, εxodus reports tell you what are the ingredients of the cake. εxodus does not decompile applications, its analysis technic is legal.

Atavic commented 5 years ago

Platform to audit trackers used by Android application: https://github.com/Exodus-Privacy/exodus

ghost commented 5 years ago

It's important to point out that the exodus service only reports on the Google Playstore versions of apps, while the exodus software (linked by Atavic) reports on any APK file you feed it. Privacytools should probably endorse both.

There is a pitfall: a user who queries Jami using the service will see that there is a tracker, and they will perhaps assume that the F-Droid version of Jami has the tracker (which is not the case). In that particular case, Jami should already take Signal's place in the endorsements, and we should tell users that the F-Droid version is tracker-free and the Playstore version is not.

If the exodus service is endorsed, it would be worth stressing that the report is useless for F-Droid apps.

blacklight447 commented 5 years ago

How well maintained is the exodus database?

Mikaela commented 5 years ago

Exodus Privacy was recently on Gandi news and I understood that it's updated automagically.

Users enter the Google Play Store link or the handle of the app they want to analyze (in general it’s something like “com.java.name”) on the εxodus interface. If the latest version of the app is not in our database, we get the apk (i.e. the Android app) and launch the service that analyzes the app and looks for trackers. The platform then generates a report that we add to the global database which lets us monitor the app and its different versions.

I do now notice that they didn't comment on updates, but I imagine they exist.

Disclaimer? My domain is registered on Gandi and thus I follow their RSS feed.