We're writing profiles on clandestine tracking software in mobile operating systems.
This repository contains research profiles on Android app trackers hidden in popular Google Play apps. It also contains guides to help readers understand the advertising tracker business, including a list of acroynyms, a glossary of terms, and a list of Android app permissions. Our release coincides with the excellent work of Exodus Privacy on their Exodus privacy auditing platform. Exodus is the first attempt at systematically auditing Google Play apps for the presence of tracker code, and the detailed descriptions here can now be integrated with the Exodus privacy auditing software.
The tracker profiles generated here move upstream to Exodus, then on to F-Droid for scanning of its own requests for packaging (i.e. apps that have been submitted to the F-Droid maintainers).
Tracker profiles submitted to Exodus will also be used in the Yalp Store and by plugins like Exodify to make sure that users are aware of the trackers in apps they may (or may not) choose to install from Google Play.
In these ways, the work done here has a tangible impact on the privacy and surveillance awareness of Android users.
Our documents will continue to be improved, and this is just the beginning of in-depth research into the wide world of tracker software inside mobile markets like Google Play and the Apple iOS app store.
Yale Privacy Lab explores the connection between privacy, security, and anonymity through hands-on software and hardware implementation. Yale Privacy Lab is an initiative of the Information Society Project at Yale Law School.
The Tracking Mobile Trackers effort is being led by Sean O'Brien, Laurin Weissinger, and Jonathan Oronzo. See https://privacylab.yale.edu/people
The documents here are dual-licensed under Creative Commons Attribution-ShareAlike 4.0 International and the GNU Affero General Public License version 3 or later.