What data do app trackers have access to?

I’m looking at an app that, according to Exodus, has several trackers:

  • AppsFlyer
  • Google Firebase Analytics
  • MixPanel
  • Bugsnag

My question is, if I don’t give the app any permissions (e.g. Contacts, Microphone, Camera, Storage, etc.), then what data do the trackers have access to?

Good question!!! :roll_eyes:

I think if you limit its activity, denying all your data, it is sure that the app couldn’t do his hidden job, I mean steal your data;
BUT this is in theory, because you should analyze all its data traffic to see what is transmitting and to whom…so it’s better that you don’t install that app :skull_and_crossbones:

1 Like

Thanks @claudio. I’m not an app developer, so I don’t understand very well what kind of access restrictions there are for apps. For instance, for the above app, if I look under App permissions -> All permissions, then after listing the permissions that I can disable, there is a category Other app capabilities, which lists the following:

  • have full network access
  • view network connections
  • Use fingerprint hardware
  • prevent phone from sleeping
  • control vibration
  • change your audio settings
  • Pair with Bluetooth devices
  • run at startup
  • listen to C2DM messages

On the surface, none of this seems too bad, but I’m wondering if I’m missing something.

I’m not a developer either, so sometimes I can not go beyond the good sense and to be a little bit intuitive :blush: but I think that sub menu refers to the same permission that you have denied or granted before… I think…

Anyway, until android 9 on Los and /e/ you can use Privacy Guard that is a GREAT tool to further filter the permissions you want to give to the app

Thanks @claudio for the tip about Privacy Guard.

I’m wondering if anyone else knows, if I’m developing an Android app and have no explicit permissions, how much information about the user’s activity do I have access to? For instance, can I see what other apps are installed or are being used?

1 Like

I would also like to know much more about trackers, and their implications on /e/.
Would love a [How to] article about it.

Yes you can. This information is available without any permission, and can be used to have a unique fingerprint of the device (because nobody has exactly the same list of installed app).

You could also install (and then enter in airplane mode) a lot of apps that gives you information about your device but without giving any permission. Every piece of information provided by these apps are also available to trackers.

Thanks @Anonyme. So if I understand correctly, even without any permissions, an app can build a fingerprint for a user using information such as which apps are installed, when the phone is plugged in, when it is turned on, etc. The same is true for trackers inside apps, so if a single tracker such as Google Firebase Analytics is running in several apps, then that tracker can monitor your activities in all of those apps.

Does that accurately summarize the privacy issues in Android that exist even when no permissions are granted?

Yes, that’s why you can’t just rely on permissions and have to install trustworthy apps.

You could also take a look at (on Pie) Settings > Security > Trust > Privacy Guard > 3dots > Advanced, in order to be able to choose which apps are allowed to start at boot or run in background (among other things).

And in Developer options (that you have to enable), it’s also interesting to look at “Running services”. Only apps that you are currently using should be running. If you see an app that should be completely closed, then check the Privacy Guard settings of this app as mentioned above to disable its permission to run in background or to start at boot.

I didn’t know Privacy Breacher, which is the perfect example of what I said earlier, thanks.

1 Like

Thanks @Anonyme for the tips!