exodus-privacy / exodus Goto Github PK
View Code? Open in Web Editor NEWPlatform to audit trackers used by Android application
Home Page: https://reports.exodus-privacy.eu.org/
License: GNU Affero General Public License v3.0
Platform to audit trackers used by Android application
Home Page: https://reports.exodus-privacy.eu.org/
License: GNU Affero General Public License v3.0
In Report section -> All reports : Available reports.
Creating categories will make it easier to find an app.
Sorting applications by type would, for example, allow you to compare which bank application is the cleanest, etc...
Hello,
At the end of the README.md, the link to database was broken: https://seahub.0x39b.fr/d/c17dc0992a/
In order to complete the building process, the two libraries libxml2-dev
and libxslt1-dev
are required for the package lxml (https://github.com/Exodus-Privacy/exodus/blob/v1/requirements.txt#L46 )
Otherwise, the following error is raised :
Running setup.py bdist_wheel for lxml ... error
Complete output from command /home/remi/src/exodus/venv/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-8dyo5w5p/lxml/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__,
'exec'))" bdist_wheel -d /tmp/tmpp96zb30tpip-wheel- --python-tag cp35:
Building lxml version 4.1.1.
Building without Cython.
ERROR: b'/bin/sh: 1: xslt-config: not found\n'
** make sure the development packages of libxml2 and libxslt are installed **
This commit adds both libraries to the packages to be installed in the README.
It means report packages / libraries using "fingerprints", and maybe a manual way to warn about missing copyright notice.
Just because an app flooded of ads that don't respect Apache license and probably don't support its dependencies ...
Since the static analysis is just comparing names of classes in the dex file with class names of popular trackers (code_signature) obfuscated trackers will not be discovered by it.
The problem is that simply by renaming the classes you can prevent exodus from finding any tracker.
Developers have incentive to obfuscate their applications beyond making trackers undetectable:
Tools like proguard can be used for just this.
https://www.guardsquare.com/en/proguard
There are approaches that will detect trackers despite obfuscation attempts.
This paper introduces a obfuscation resiliant approach to detect libraries in android applications:
Titze, Dennis, Michael Lux, and Julian Schuette. "Ordol: Obfuscation-Resilient Detection of Libraries in Android Applications." Trustcom/BigDataSE/ICESS, 2017 IEEE. IEEE, 2017.
On the tracker report page,
there is a list on the right side that show the available reports of app containing this tracker.
It would be nice to be able to
That have a idea of the importance of the tracker and the most important vector of it.
it is cosmetic but as the info is avail in the app report maybe it can be easily seen here too.
When running the latest minio from https://dl.minio.io/server/minio/release/linux-amd64/minio
and then upload a large apk to it I get this error:
error InvalidPart Order
It is an issue in the verssion of minio-py that was fixed:
minio/minio-py#594
For me updating minio-py to the latest version fixed the problem - please update the requirements.txt
Display the number of analyzed applications in the top bar. You can also display the number of known trackers.
hey you can install androguard automatically using pip and a fixed version tag by adding to the requirements.txt the following line:
git+https://github.com/androguard/[email protected]
where you replace v3.1.0-pre.2 with the version tag you like
When landing on reports zone
UX could be improved.
I'm suggesting to keep the split between trackers and reports on top nav, but without the dropdown.
I would love to be able to sort APPs by:
A sortable table with a fixed header using jquery would do the job I suppose.
let me know if this issue belongs in exodus-core.
via @eighthave -
So I'm making a bot to automatically scan submissions to F-Droid. This
API is useful, but there is one small thing missing: an easy way to link
to the webpage for an app, like:https://reports.exodus-privacy.eu.org/reports/fr.meteo
or even using a SHA256 of the APK:
https://reports.exodus-privacy.eu.org/reports/8b4b20b3d10020b77dcd6239bab16d8d7edaf6f8d67b410bf9500acee8818df4
For now, could "/reports/search/fr.meteo" be used?
In my opinion, the hash would be much better for collaboration with other projects, but we need to think about aliases that are easier to remember than a hash as well. I would propose using Google Play app handle and version code, since Google does not allow you to change these two things (change the handle, and GP treats it as a new app. there can't be two identical version codes for the same app in GP). Example:
"/reports/fr.meteo/5080303"
For the 1500-2000 apps we have scanned already, we'd need to retain backwards compatibility for the reports.exodus-privacy.eu.org instance (even if this is done outside of the application via something like .htaccess redirects). There are a lot of articles and blog posts all over the Web that link to specific reports, and I'd hate to see all those links break.
When trying to analyse an application after installing exodus, the "Unable to analyze the APK file" is always returned. Looking at the erorr log of the worker, the issue is that there is no gplaycli.conf file in ~/.config/gplaycli (actually, the whole gplaycli folder doesn't exist). This means that the config file is not created either during installation or runtime. I have no idea what the config file should contain, but if it's supposed to be created automatically this is a bug. Alternatively, it would be good to have some text in the readme that shows what should be written in there manually.
show warning : Unable to decode the APK .
tried at ~18h33(CET)
https://play.google.com/store/apps/details?id=com.moviepass.mobile
Accepting suggestions could be weighted by the popularity/number of downloads.
Hi,
Thanks for this wonderful analysis tool!
I found an app (Oral-B app) which was requiring location permission, as was found by Exodus and confirmed by running the app.
This was really strange and quite concerning given the nature of the app (no use for location data). However, it pairs with a BLE device and https://stackoverflow.com/questions/41716452/why-location-permission-are-required-for-ble-scan-in-android-marshmallow-onwards seems to indicate this permission is perfectly legit then.
It would be awesome I think to have some insights about what is the typical use of a given permission. Typically when BLE permission is required, there could be a warning next to the location permission to indicate this might be just a side effect?
Additionally, it would be really cool to have a simple mark for every app (A to F, with colors) based on an estimated "safety" and confidence from the analysis.
Thanks!
Following #1, it would be great if we could filter the apps in https://reports.exodus-privacy.eu.org/reports/apps/.
I'd like to be able to:
For the moment we do not analyze the UDP traffic.
We have to analyze the UDP traffic. See the εxodus core DNS analyzer as example.
It would be nice in a report to sort all the permissions by "group".
For example in https://reports.exodus-privacy.eu.org/reports/235/, all "android.permission" permissions first (always), then "samsung.permission", then amazon permissions etc..
duplicate entries:
mobileanalytics.*.amazonaws.com
etl.tindersparks.com
Additionally, I've collected a bunch of domains from watching Adaway DNS logs specifically for Android for a few years here
https://github.com/jawz101/MobileAdTrackers/blob/master/hosts
It could be interesting to have twitter and facebook meta tags in reports allowing for (automatic ) nicer view when posted with url on those medias.
Ideally the bitmap shown would the summary of the report + trackers list.
some side info :
https://blog.vwriter.com/ultimate-guide-to-social-meta-tags-open-graph-and-twitter-cards/
https://www.bruceclay.com/blog/how-to-use-social-meta-tags/
https://moz.com/blog/meta-data-templates-123
Add a way to display if a tracker was found by the static or dynamic or both analysis.
This could to limit the number of false positive when an application includes URL of trackers to protect the user. In this case, the trackers are only found by the static analysis, not by the dynamic analysis.
Why not use a tricolour code to mark applications. Green for the most respectful, red for the worst.
This could put some pressure on those who decide to monetize our data with bad apps.
Hi,
I didn't check all app reports but I only found a list of DNS queries for this app: https://reports.exodus-privacy.eu.org/reports/67/
It would be appreciated to have the list of all DNS queries (related to trackers) you notice during the tests. It will help users to block them through the hosts file.
Thank you.
This is hopefully a simple tweak, but URLs without the trailing slash don't resolve to the correct pages/reports. This becomes a problem when sharing the URLs, for example via e-mail and social media.
Example:
https://reports.exodus-privacy.eu.org/reports/37
Should go to:
https://reports.exodus-privacy.eu.org/reports/37/
Just changes/additions to regex patterns in these files? https://github.com/Exodus-Privacy/exodus/search?utf8=%E2%9C%93&q=url(
When we add new trackers in the database exodus will rerun all the reports.
It will be very interesting to have a list of the changed reports. # #
Hi there,
I appear to have successfully uploaded a PCAP file via the connecter.py
script as template, as mentioned in #45. This is the output of the Exodus worker proces
[2018-02-13 08:47:58,572: INFO/MainProcess] Received task: exodus.core.dns.analyze_dns[57b99e38-60dc-48af-aa63-36951be1e867]
[2018-02-13 08:47:58,579: INFO/MainProcess] Received task: exodus.core.http.analyze_http[a8ce9b8b-8757-4c5c-bb7e-0651aa6dccf4]
[2018-02-13 08:48:08,053: INFO/MainProcess] Task exodus.core.dns.analyze_dns[57b99e38-60dc-48af-aa63-36951be1e867] succeeded in 9.479795052000554s
[2018-02-13 08:48:08,243: INFO/MainProcess] Task exodus.core.http.analyze_http[a8ce9b8b-8757-4c5c-bb7e-0651aa6dccf4] succeeded in 9.663444575999165s
Where can I now access the results of the analysis? I can't see any new information inside the reports; even though, after glancing the source code, I think that should be there. Browsing the apps on reports.exodus-privacy.eu.org I haven't seen examples either. Is this feature fully developed? Perhaps there is some SQL you can provide to verify the analysis was indeed a success?
Best,
Emile
For each tracker, I would like to see its description, for example when having the cursor over its name, or a title on the right of it (why not a "?" in a circle).
By description I mean what appears in the "About" section here : https://reports.exodus-privacy.eu.org/reports/440/.
On this report https://reports.exodus-privacy.eu.org/reports/381/ the android.permission.ACCESS_NETWORK_STATE
appears several times (3 times actually).
It kind of modifies my perception of an app to see that it asks so many permissions whereas some of them are actually duplicates.
On alpha android app it would be great to be able to select a tracker from a list (alternatively from the report of a specfic app) and then be able to see all apps on my phone that contains the culprit.
This would allow to remove all occurrences of a given tracker.
Hi, I've installed exodus following the instructions in the readme file (except I have postres 9.5 rather than 9.6) and everything went ok: minio is running and the web interface of exodus as well. However, if I try to access the admin page to login, I'm not taken there. The URL on the address bar is that of the admin page, but the page content is the same of the home page. Django reports this when I try to open the admin page:
[30/Nov/2017 13:18:27] "GET /admin HTTP/1.1" 200 3133
so it looks like there are no errors.
let me know if this issue belongs in exodus-core.
via @eighthave -
The index numbers here are strings of the integers:
https://reports.exodus-privacy.eu.org/api/trackers
{"trackers": {"1":While in the app result, they integers:
https://reports.exodus-privacy.eu.org/api/search/fr.meteo
{"trackers": [1,
The full name of an app should be displayed instead of a truncated name.
Example with Groupon:
I guess the title is truncated to respect the grid, so, ideally the fullname would be in the HTML and be truncated only by CSS, that would allow to search the fullname. Then a title attribute (or any popover would be fine) would display the full title when the cursor is on the app.
For the moment, there is no way the look for an application report.
We have to offer a small search engine allowing the user to look for an application by its display name or handle.
This is an enhacement request, rather than a bug. It would be nice to allow the exodus test to run on an apk uploaded locally, rather than fetched from Google Play. This has nothing to do with illegal stuff, but not all apps are on the Google Play and it would be nice to be able to test those as well.
It's necessary to put password in settings file, but the file is empty.
Set the password in the file Exodus/exodus/exodus/settings.py line 97.
I've managed to install and run my own installation of exodus but something weird is happening. First I tried to run the test on a few app that were not on the official report, then I tried another one that was on the report to see if there was any difference - and there is!
The app is Viber (com.viber.voip). In the official exodus report it's been tested on the 12th of November and the tested version is 7.9.0.6. Now, 3rd of December, the version installed on my phone is the 7.9.4.11 one but when I run the exodus test on Viber the version number 5.6.0.2415 gets downloaded and tested. Now, v.5 is pretty old and I wonder why this is the case. (On a side note, no trackers were reported for the v.5 app)
Same is for Firefox (v.57 in the report, v.56 downloaded by my installation)
Pi Hole allows the user to add other link to blacklist of this form.
We can easy generate this kind of list just by listing domains which are tagged as tracker.
εxodus knows a bunch of domains which are associated to trackers. In Pi Hole, user can add a URL pointing to a blacklist.
The main idea is to make εxodus providing such URL pointing to a blacklist (containing the list of trackers identified by εxodus). And users of Pi Hole can easily add εxodus blacklist to their Pi Hole instances.
Maybe its a filter in the app page or a dedicated link.
so to help communicating on the shamest list, and also help identify the ones that respect their users.
Hello,
I followed the readme step by step, that works fine (thank you for this great doc).
But when I try to load trackers, I got an error:
CommandError: No fixture named 'trackers' found.
I launch an analyse, and after the command works.
For the moment, the static analysis blocks the client HTTP request during the duration of the analysis.
The static analysis is started in the analysis query view. The static analysis function is defined in the εxodus core package.
We have to submit the static analysis task and detach it. The client is then redirected to a message explaining what is going on and ask to refresh the report list in few minutes.
In https://reports.exodus-privacy.eu.org/reports/37/:
com/applovin/adview/AppLovinInterstitialAdDialog
com/avocarrot/sdk/nativeassets/model/NativeAdData
com/appnext/ads/
com/inlocomedia/android/ads/AdType
com/moat/analytics/mobile/aol/NativeVideoTracker
com/mopub/common/GpsHelper
com/nativex/monetization/mraid/objects/CurrentPosition
com/unity3d/ads/android/UnityAds
com/vungle/publisher/AdConfig
com/youappi/ai/sdk/YouAPPi
org/apache/commons/math3/optimization
?We notice an increasing consumption of memory. Restarting the Celery worker release the memory.
The task is defined here.
It appears that task state is not released after task execution. A quick diff on:
shows duplicated unreleased resources.
Since we have read your report about the trackers we are embedding in our app, we have tried to clean our library imports from our gradle build script.
Is there a way to request you to test our new apk ? (I mean, not a manual request but an automated one).
I've run a test with an app that on the exodus report is full of trackers (okcupid): https://reports.exodus-privacy.eu.org/reports/49/ on my own installtion of exodus. The version in the official report is 8.11.1 while the one I just tested is 8.12.0. In the official report there are 7 trackers in the app, while my installation cannot detect any. Even if the app version is not the same, I doubt they have removed all trackers at once. My feeling is that my installation is not able to detect trackers. It detected permissions correctly, though. This is the worker's log for the app:
[2017-12-03 14:01:39,152: INFO/MainProcess] Received task: exodus.core.apk.download_apk[94676d20-a2dc-43b1-9fdd-8341bcc92c15] [2017-12-03 14:01:39,159: WARNING/Worker-1] gplaycli -v -a -t -y -pd com.okcupid.okcupid -f /tmp/tmpyttoksnl/ [2017-12-03 14:02:02,680: WARNING/Worker-1] b'[INFO] GPlayCli version 3.10 [Python3.5.2] \n[INFO] Configuration file is /home/iacopo/.config/gplaycli/gplaycli.conf\n[INFO] Retrieving token ...\n[INFO] Token: ewWKUBTs2tsU4jGcNwuOsVsHircbJ2XDYo2r3KYqZch_kvYss64-0oUEKDYJeMEoSed3-w.\n[INFO] GSFId: 3caf098d02b0f637\n[INFO] Using token to connect to API\n[INFO] 1 / 1 com.okcupid.okcupid\nDownload complete\n' [2017-12-03 14:02:02,785: WARNING/Worker-1] Connection pool is full, discarding connection: 127.0.0.1 [2017-12-03 14:02:02,838: WARNING/Worker-1] Connection pool is full, discarding connection: 127.0.0.1 [2017-12-03 14:02:02,858: INFO/MainProcess] Task exodus.core.apk.download_apk[94676d20-a2dc-43b1-9fdd-8341bcc92c15] succeeded in 23.699483317999693s: True [2017-12-03 14:02:02,868: INFO/MainProcess] Received task: exodus.core.apk.decode[31382cdc-2cb7-45a7-a6af-79702ee40e5a] [2017-12-03 14:02:02,870: INFO/MainProcess] Received task: exodus.core.apk.sha256sum[515f63fc-a5b7-41f8-89ae-1cd7c00e5620] [2017-12-03 14:02:02,953: INFO/MainProcess] Task exodus.core.apk.sha256sum[515f63fc-a5b7-41f8-89ae-1cd7c00e5620] succeeded in 0.0825788209995153s: b'b6b60d4d8a1becef01419485aedfe5a1942ed1dd25ceb8c4f9096e0603dab4b3' [2017-12-03 14:02:05,833: INFO/MainProcess] Task exodus.core.apk.decode[31382cdc-2cb7-45a7-a6af-79702ee40e5a] succeeded in 2.9569544399992083s: True [2017-12-03 14:02:05,867: INFO/MainProcess] Received task: exodus.core.apk.get_version[d8e170ef-7a05-4776-82c6-9d450ec74a75] [2017-12-03 14:02:05,871: INFO/MainProcess] Received task: exodus.core.apk.get_handle[1102e7e8-7802-4350-97d8-baab3b117df5] [2017-12-03 14:02:05,873: INFO/MainProcess] Received task: exodus.core.apk.get_permissions[e20bd8b3-3908-4923-8eb6-f24c5c872a5c] [2017-12-03 14:02:05,877: INFO/MainProcess] Received task: exodus.core.apk.find_trackers[1121445f-5e20-4bb9-a914-d8b548946547] [2017-12-03 14:02:05,878: INFO/MainProcess] Received task: exodus.core.apk.find_and_save_app_icon[b94d4175-fdda-4474-8507-5495b27f7d35] [2017-12-03 14:02:05,879: INFO/MainProcess] Received task: exodus.core.apk.get_app_infos[3b393d40-f1ca-49b6-92c4-0e5404c0f4bb] [2017-12-03 14:02:05,880: INFO/MainProcess] Received task: exodus.core.apk.get_version_code[e4f8b676-403f-4979-ac7a-cb8dfd305410] [2017-12-03 14:02:05,890: INFO/MainProcess] Task exodus.core.apk.get_handle[1102e7e8-7802-4350-97d8-baab3b117df5] succeeded in 0.0178719479999927s: 'com.okcupid.okcupid' [2017-12-03 14:02:05,896: INFO/MainProcess] Task exodus.core.apk.get_permissions[e20bd8b3-3908-4923-8eb6-f24c5c872a5c] succeeded in 0.022390117999748327s: ['android.permission.INTERNET', 'android.permission.VIBRATE', 'android.permission.ACCESS_NETWORK_STATE',... [2017-12-03 14:02:05,911: INFO/MainProcess] Task exodus.core.apk.find_trackers[1121445f-5e20-4bb9-a914-d8b548946547] succeeded in 0.029933583999991242s: [] [2017-12-03 14:02:05,912: INFO/MainProcess] Task exodus.core.apk.get_version[d8e170ef-7a05-4776-82c6-9d450ec74a75] succeeded in 0.04378886699942086s: '8.12.0' [2017-12-03 14:02:05,936: INFO/MainProcess] Task exodus.core.apk.get_version_code[e4f8b676-403f-4979-ac7a-cb8dfd305410] succeeded in 0.02285011599997233s: '1074' [2017-12-03 14:02:08,226: WARNING/Worker-3] Downloading https://lh3.googleusercontent.com/8EViHuRt1bABogN1TLPTLodjodJvRDF7QfSpoMkxgdIYe49068lfRgdNh9qWT8Ku7Ls=w300 [2017-12-03 14:02:08,266: INFO/MainProcess] Task exodus.core.apk.find_and_save_app_icon[b94d4175-fdda-4474-8507-5495b27f7d35] succeeded in 2.3543601819992546s: 'nlpxkohdbgmsoxzfgvjhdrwcrxvenrgytrwoxakubtgfwvqdhozxpyviivrl_com.okcupid.okcupid.png' [2017-12-03 14:02:11,109: INFO/MainProcess] Task exodus.core.apk.get_app_infos[3b393d40-f1ca-49b6-92c4-0e5404c0f4bb] succeeded in 5.212145216999488s: {'size': '11.59MB', 'downloads': '10,000,000+ downloads', 'version': '1074', 'handle': 'com.okcupid.okcupid', 'creator':... [2017-12-03 14:02:11,203: INFO/MainProcess] Received task: exodus.core.apk.clear_analysis_files[e5830826-d2e6-4d33-bb9b-6ba8f622239e] [2017-12-03 14:02:11,204: WARNING/Worker-2] Removing /tmp/tmpyttoksnl [2017-12-03 14:02:11,262: INFO/MainProcess] Task exodus.core.apk.clear_analysis_files[e5830826-d2e6-4d33-bb9b-6ba8f622239e] succeeded in 0.058638122999582265s: None
We have to inspect the traffic and determine what kind of data has leaked.
Androguard was not able to decode https://reports.exodus-privacy.eu.org/reports/34/
We have to detect failure and use dexdump
instead.
Start updating report "34" - 1/1
Traceback (most recent call last):
File "manage.py", line 22, in <module>
execute_from_command_line(sys.argv)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/django/core/management/__init__.py", line 364, in execute_from_command_line
utility.execute()
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/django/core/management/__init__.py", line 356, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/django/core/management/base.py", line 283, in run_from_argv
self.execute(*args, **cmd_options)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/django/core/management/base.py", line 330, in execute
output = self.handle(*args, **options)
File "/home/exodus/exodus/exodus/reports/management/commands/refreshstaticanalysis.py", line 76, in handle
static_analysis.save_embedded_classes_in_file(fp.name)
File "/home/exodus/exodus/exodus/exodus/core/static_analysis.py", line 103, in save_embedded_classes_in_file
f.write('\n'.join(self.get_embedded_classes()))
File "/home/exodus/exodus/exodus/exodus/core/static_analysis.py", line 94, in get_embedded_classes
self.decode_apk()
File "/home/exodus/exodus/exodus/exodus/core/static_analysis.py", line 51, in decode_apk
self.decoded = DalvikVMFormat(self.apk)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 7567, in __init__
self._load(buff)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 7578, in _load
self.map_list = MapList(self.CM, self.__header.map_off, self)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 7448, in __init__
mi.parse()
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 7045, in parse
for i in range(0, self.size)]
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 7045, in <listcomp>
for i in range(0, self.size)]
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 1767, in __init__
self.value = EncodedArray(buff, cm)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 1425, in __init__
self.values.append(EncodedValue(buff, cm))
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 1492, in __init__
self.value = cm.get_raw_string(id)
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 7260, in get_raw_string
return self.__strings_off[off].get()
File "/home/exodus/exodus/venv/lib/python3.5/site-packages/androguard/core/bytecodes/dvm.py", line 1865, in get
return s.encode("UTF-16", "surrogatepass").decode("UTF-16")
UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 38-39: illegal UTF-16 surrogate
[edited]
Start updating report "37" - 1/1
Reached a NAMESPACE_END without having the namespace stored before? Prefix ID: 37, URI ID: 188
Same UTF-16
issue with
Start updating report "65" - 1/1
Start updating report "112" - 1/1
Start updating report "110" - 1/1
Start updating report "114" - 1/1
Styles Offset given, but styleCount is zero.
Hey I want to use exodus for a seminar at university but I cannot find instructions on how to run the traffic analysis. Can somebody help?
Since LibScout requires tracker SDK (.aar
or .jar
) to work, we have to add following informations for each tracker we know:
.aar
or .jar
direct download linkFor example, the maven configuration for Facebook Audience is:
"name": "Facebook Audience",
"category": "Advertising",
"comment": "",
"groupid": "com.facebook.android",
"artefactid": "audience-network-sdk"
Add a sorting criteria in the application listing to sort applications whether one or more trackers was found in it or not. "Trackers Identified" vs. "No Known Trackers".
In the apps list (https://reports.exodus-privacy.eu.org/reports/apps/) it would be great if for each app I could see how many trackers are requested and how many permissions asked, without clicking on the app's link, for the latest report (I guess there might be 1 report/version ?).
This could be displayed a bit like bootstrap's badges, with counters https://getbootstrap.com/docs/4.0/components/badge/#example. There would be two badges per app : one for the number of trackers, one for the number of permissions asked.
It would be even better if a badge with a value of 0 would be displayed as green (it seems pretty fair to say that if not trackers are found, that's a good thing. One would have to also check the number of permissions of course).
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.