Found tracker in Scrambled-EXIF

I tested Scrambled-EXIF with ClassyShark3xodus and it identified a “ACRA” tracker (*µ?ACRA ; 198org.acra.). But when i check on Exodus Privacy - no trackers found. https://reports.exodus-privacy.eu.org/en/reports/com.jarsilio.android.scrambledeggsif/latest/

I test app from F-Droid and PlayStore and it is exactly the same.

Is this normal, someone to explain more?
Report this upstream on Gitlab.

I believe that @oF2pks might be able to help explain the discrepancy here.

My two cents at this moment would be a basic whois of acra (dot) org. But (???)

Source:  whoisarin.net
IP Address:  208.91.197.27
Name:  NETSOL
Handle:  NET-208-91-197-27-1
Registration Date:  3/7/15
Range:  208.91.197.27-208.91.197.27
Customer:  Network Solutions, LLC
Customer Handle:  C05642671
Address:  12808 Gran Bay Parkway West
City:  San Jacksonville
State/Province:  FL
Postal Code:  32258
Country:  United States

See: https://gitlab.com/juanitobananas/scrambled-exif/-/issues/42

acra is an open source app crash reporter. See https://github.com/ACRA/acra.

1 Like

@primarto ClassyShark3xodus has been updated: fixes and latest Exodus trackers database (294 lines) https://reports.exodus-privacy.eu.org/api/trackers .
I decided few months ago to add some missing known trackers : many of them are quite unused (but present in old apks), some are in stand-by in Exodus Etip (https://etip.exodus-privacy.eu.org/ wip before final validation) and few are bug tracker.

These additions use prefixes: ° ² µ

As example,

  • ° for missing: Amazon new active tracker AWS Kinesis is missing
  • ² for Etip stand-by: e.g. GravyAnalytics
  • µ for micro non-intrusive: Acra

All these additions have one thing in common on F-Droid: they should not be activated without the user consent; otherwise they will be flagged with antifeature warning.

So in fact, having a foss bugtracker like acra in fdroid apps, is an indicator of quality. In theory bugtrackers should only be present in debug/nightly apps; in live contributors’-team market apps, it’s fair to have acra onboard (with user consent).

I also decided to go for one single exception to Exodus official database: Mapbox is softened to MapboxTelemetry instead of the wider general map sdk detection .

More info: https://gitlab.com/oF2pks/3xodusprivacy-toolbox

PS: @uniqx @Izzy (@M66B ) , it seems prism-break.org considers Bugsnag as not 100% open-source tool (possibly due to sessions.bugsnag.com ?) : https://gitlab.com/prism-break/prism-break/-/issues/2221

1 Like

The Android Bugsnag client is 100% open source: https://github.com/bugsnag/bugsnag-android/

1 Like

@M66B that’s what I (lonely) suggested in https://gitlab.com/prism-break/prism-break/-/issues/2221 in FairEmail proposal…