u/MahereMarley

been playing since day 1. my phone kept acting weird after every session. took me a while to figure out why


battery dying faster than usual. phone warm after raids. lag that wouldn't go away even after closing the app. blamed the update. then the next update. eventually started actually looking into it.

background location was the first thing. pogo keeps tracking your GPS after you close it.

that alone explains the battery drain most people complain about.

then i checked the full permission list. 142 MB app. 42 permissions. the ad stack alone:

ACCESS_ADSERVICES_ATTRIBUTION

ACCESS_ADSERVICES_AD_ID

ACCESS_ADSERVICES_CUSTOM_AUDIENCE

ACCESS_ADSERVICES_TOPICS

AD_ID

5 separate ad permissions. for a pokemon game. but the one i still can't explain: READ_CONTACTS. no feature in the game uses your contacts. people flagged this back in 2016. niantic never addressed it. you can revoke it in settings and literally nothing breaks.

niantic is a real company, not some shady startup. but pogo is also one of the largest real-world location mapping operations ever built. every walk you take feeds that.

if you want to check for yourself:

- android settings → apps → pokemon go → permissions (check background location)

- AppXpose if you want to see the full APK breakdown

- revoke contacts permission, game runs fine

still day 1 player. not going anywhere.

just thought more people should know this.

u/MahereMarley — 10 hours ago
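The manifest check the post above describes, written out as an added example (this is not the poster's code and not AppXpose's). It assumes the APK has already been decoded to plain XML, for instance with apktool, and runs on a constructed manifest for a made-up package rather than the real game's; the permission names themselves are the standard Android and Google Play services identifiers.

```python
"""Audit the permissions an Android app declares in its decoded AndroidManifest.xml.

Added example, not AppXpose code. Assumes the manifest has already been decoded
to plain XML (e.g. with apktool). SAMPLE_MANIFEST is constructed for
illustration and is not the manifest of any real app.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions the user can revoke in Settings. Subset.
DANGEROUS = {
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE",
}

# Permissions that exist only to support advertising identifiers and measurement.
AD_TECH = {
    "android.permission.ACCESS_ADSERVICES_ATTRIBUTION",
    "android.permission.ACCESS_ADSERVICES_AD_ID",
    "android.permission.ACCESS_ADSERVICES_CUSTOM_AUDIENCE",
    "android.permission.ACCESS_ADSERVICES_TOPICS",
    "com.google.android.gms.permission.AD_ID",
}

# Constructed sample: a fictional location game with ad permissions and contacts.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.walkinggame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_ADSERVICES_AD_ID"/>
    <uses-permission android:name="android.permission.ACCESS_ADSERVICES_TOPICS"/>
    <uses-permission android:name="com.google.android.gms.permission.AD_ID"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <application android:label="Walking Game"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> list[str]:
    """Return every <uses-permission android:name=...> in document order."""
    root = ET.fromstring(manifest_xml)
    names = []
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.append(name)
    return names


def audit(perms: list[str]) -> dict:
    """Bucket permissions into the things a privacy reviewer looks at first."""
    declared = set(perms)
    return {
        "total": len(declared),
        # ACCESS_BACKGROUND_LOCATION is what lets an app keep reading GPS after
        # it leaves the foreground; fine/coarse alone stop when the app is closed.
        "background_location": "android.permission.ACCESS_BACKGROUND_LOCATION" in declared,
        "ad_tech": sorted(declared & AD_TECH),
        "dangerous": sorted(declared & DANGEROUS),
    }


def audit_manifest(manifest_xml: str = SAMPLE_MANIFEST) -> dict:
    """Parse and audit in one step; defaults to the constructed sample."""
    return audit(declared_permissions(manifest_xml))


if __name__ == "__main__":
    report = audit_manifest()
    print(f"{report['total']} permissions declared")
    print("tracks location in the background:", report["background_location"])
    print("ad-tech permissions:", ", ".join(report["ad_tech"]) or "none")
    print("runtime permissions you can revoke in Settings:")
    for p in report["dangerous"]:
        print("  ", p)
```

Everything in the `dangerous` bucket is a runtime permission, so it can be revoked from Settings as the post says, or from a connected machine with `adb shell pm revoke <package> android.permission.READ_CONTACTS`. The one caveat a reviewer should keep in mind is the same one the poster's later methodology note makes: a declared permission is a capability, not proof the app exercises it.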

The Binance Android app is a Chinese surveillance suite with a trading interface bolted on top

Was setting up a fresh Pixel for a friend getting into crypto. Pulled the APKs of his installed apps through a tracker scanner before handing it back. Binance was the worst by a wide margin.

The official Binance Android APK ships with SDKs from ByteDance (TikTok parent) and Tencent (WeChat parent), plus more than a dozen other trackers. Checked the AndroidManifest; they're declared at install time, not loaded dynamically. AppsFlyer, Branch, Adjust, Sensors Data, ByteDance Applog, Tencent Beacon.

Ad-tech SDKs aren't passive. They collect device fingerprints, behavioral signals, and can read clipboard contents on Android 9 and older without any prompt. On Android 10+ clipboard access still works while the app is in the foreground, which is most of the time you're using a crypto app. The clipboard is where wallet addresses and seed phrases get pasted.

ByteDance and Tencent have spent years under US and EU scrutiny over data handovers. Embedding their telemetry into an app holding user funds, KYC documents, and 2FA seeds is a different risk surface than a video app.

if you want to verify this yourself:

- Exodus Privacy (reports.exodus-privacy.eu.org, search "Binance")

- NetGuard (no-root firewall, see which domains apps reach in real time)

- AppXpose (scans installed APKs directly on your Android device)

- PCAPdroid (capture and inspect actual network traffic from any app)

good luck sleeping after that

u/MahereMarley — 24 hours ago

I scanned the Netflix Android app - here's what's actually inside

Was curious what Netflix actually does on my phone. Scanned the APK directly. Here's what came back:

Risk Score: 34/100 - MEDIUM

5 trackers found:

- Google Analytics

- Firebase Analytics

- Google AdMob

- AppsFlyer

- Crashlytics

Permissions that stood out:

- Microphone — likely for voice search

- Camera — no clear reason for a streaming app

- Nearby WiFi — for Chromecast discovery

- Bluetooth — for casting and audio devices

0 known data breaches, which is actually rare.

The AdMob integration is the most interesting part - Netflix is a paid subscription service, so why is an advertising SDK embedded?

Scanned with AppXpose if anyone wants to check their own apps:
https://play.google.com/store/apps/details?id=com.appxpose.app&referrer=ref_apitest

u/MahereMarley — 10 days ago

[OC] I analyzed 3,745 Android apps for privacy: here's what the permission data actually shows

Been building an Android APK scanner as a side project. After 3,745 scans, looked at which permissions each app category requests most.

Some make obvious sense:

- Maps at 96% GPS = navigation needs location

- Finance at 100% Camera = KYC verification

- Audio at 92% Foreground Service = background playback

Others are harder to explain:

- News apps: 75% Auto-Start on Boot

- Games: 39% Ad Tracking ID

- Shopping: 94% Camera + 72% Microphone

The tracker SDK data was also interesting: unrecognized SDKs average 6.6 trackers per app, 3x more than known Ad SDKs.

Charts in the images above = permission heatmap by category, tracker distribution, and risk score breakdown.

Full interactive version: appxpose.app/research

Methodology: static APK analysis; permissions declared in the manifest are not necessarily all actively used.

Happy to answer questions about the approach.

u/MahereMarley — 11 days ago

[OC] 2,000+ Android users scanned ~4,000 apps. Here's what the data reveals about trackers, permissions and privacy risk

Data source: Anonymous aggregated data from real Android device scans via AppXpose. Results aggregated across 3,800+ unique apps from 2,000+ devices.

Tools: Python, Matplotlib

Methodology: Each app was analyzed at APK bytecode level: tracker SDKs, dangerous permissions, and a composite risk score (0–100) based on tracker count, permission types, developer breach history and certificate integrity.

No personal data collected; all results are aggregated per app, not per user.

u/MahereMarley — 17 days ago
▲ 30 r/startups_promotion +2 crossposts

I built AppXpose after realizing that Google’s Data Safety labels, the things supposed to tell you what an app collects, are entirely self-reported.

Four peer-reviewed studies later confirmed what I suspected: there’s a massive gap between what apps claim and what they actually do.

So I built a scanner that looks inside the APK directly.

Some highlights from the data:

•	Instagram: 68/100 HIGH risk

•	Most “free” apps embed 5-15 tracker SDKs you’ve never heard of

•	Signing certificates that don’t match what they should

•	Apps flagged in MalwareBazaar that are still live on the Play Store

The tracker detection runs fully on-device. Nothing gets uploaded. ~140 SDK signatures, growing via community discovery.

2,000+ installs, 4.6⭐ so far. Still early.

Happy to answer questions about what I found or how the scanner works.

Website for all info -> https://appxpose.app

App download link -> https://play.google.com/store/apps/details?id=com.appxpose.app

u/MahereMarley — 12 hours ago
▲ 19 r/Spyware +7 crossposts

Here is something most people do not know:

When you download a free app, the people who made it often hide small pieces of code inside it that belong to other companies. These companies use that code to watch what you do, where you go, and what you buy. Then they sell that information.

You never agreed to that. You just pressed install.

AppXpose scans every app on your Android phone and shows you:

- Which outside companies are secretly collecting your data through each app

- What kind of data they are collecting

- A simple score from 0 to 100 so you can see which apps are the worst

- An alert if an app quietly adds new data collectors after an update

No technical knowledge needed. If you can read a weather app, you can read AppXpose.

We have also scanned popular apps like WhatsApp, Instagram, Telegram, and Amazon so you can see the results before even downloading. Check them out at appxpose.app/scans

Free on Google Play. 2000+ installs, 4.6 stars

u/MahereMarley — 10 days ago
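The three posts above that touch tracker detection (the Binance post listing AppsFlyer, Branch, Adjust, Sensors Data, ByteDance Applog and Tencent Beacon; the launch post's "~140 SDK signatures"; and the last post's alert when an update adds new data collectors) all rest on the same technique, which Exodus Privacy also uses: each SDK ships compiled classes under a stable Java package prefix, so the class names pulled from an APK's dex files can be matched against a signature table. The block below is an added example of that, not AppXpose's or Exodus's code. The package prefixes are this example's assumptions about where those SDKs live, not a verified signature database, and both class lists are constructed (they are not taken from the Binance APK or any real app).

```python
"""Detect third-party tracker SDKs from an APK's class names, and flag SDKs that
appear only after an update.

Added example, not AppXpose or Exodus Privacy code. Input is the list of fully
qualified class names you would get from the APK's dex files (e.g. via
androguard or dexdump); here the lists are constructed. SIGNATURES is an assumed
prefix table, not a verified database.
"""
from collections import Counter

# Signature table: Java package prefix -> SDK name. Assumed mapping.
SIGNATURES = {
    "com.appsflyer.": "AppsFlyer",
    "io.branch.": "Branch",
    "com.adjust.sdk.": "Adjust",
    "com.sensorsdata.analytics.": "Sensors Data",
    "com.bytedance.applog.": "ByteDance AppLog",
    "com.tencent.beacon.": "Tencent Beacon",
    "com.google.firebase.analytics.": "Firebase Analytics",
    "com.google.android.gms.ads.": "Google AdMob",
    "com.google.firebase.crashlytics.": "Crashlytics",
}

# Constructed class list standing in for the dex class dump of version 1.
CLASSES_V1 = [
    "com.example.trade.MainActivity",
    "com.example.trade.net.ApiClient",
    "com.appsflyer.AppsFlyerLib",
    "com.appsflyer.internal.AFc1kSDK",
    "io.branch.referral.Branch",
    "com.google.firebase.analytics.FirebaseAnalytics",
    "androidx.appcompat.app.AppCompatActivity",
]

# Constructed version 2: same app after an update that pulled in two more SDKs.
CLASSES_V2 = CLASSES_V1 + [
    "com.bytedance.applog.AppLog",
    "com.bytedance.applog.util.TLog",
    "com.tencent.beacon.event.UserAction",
]


def detect_trackers(class_names: list[str]) -> dict[str, int]:
    """Map each detected SDK name to the number of its classes present."""
    hits = Counter()
    for cls in class_names:
        for prefix, sdk in SIGNATURES.items():
            if cls.startswith(prefix):
                hits[sdk] += 1
                break  # one SDK per class; prefixes in the table do not overlap
    return dict(hits)


def new_trackers(before: list[str], after: list[str]) -> list[str]:
    """SDKs present in the updated APK that were absent in the previous one."""
    old = set(detect_trackers(before))
    return sorted(set(detect_trackers(after)) - old)


if __name__ == "__main__":
    print("v1 trackers:", detect_trackers(CLASSES_V1))
    print("v2 trackers:", detect_trackers(CLASSES_V2))
    added = new_trackers(CLASSES_V1, CLASSES_V2)
    if added:
        print("ALERT: update added", ", ".join(added))
```

Two limits worth knowing before trusting any scanner built this way. Prefix matching only finds SDKs whose package names survived the build; an SDK the developer ran through R8/ProGuard without keep rules comes out as `a.b.c` and is invisible to the table, which is one reason "unrecognized SDKs" can outnumber recognized ones. And a class being present says nothing about whether it runs or what it sends, which is why the verification lists in the posts pair the static scan with NetGuard or PCAPdroid to watch the actual traffic.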