How does trackers process works?

1

I just want to know the tracker life cycle works inside the android phone ?

  • When we install any application with trackers in it (any app from google playstore )

  • Are these trackers gets installed as apps ?

  • If the user remove this same app from phone does all trackers gets removed ?

  • What is the thing that ignites or activates these trackers

  • Can we locate or identify trackers by file explore ?

  • How does any tracker works ?
    Can anyone explain trackers life cycle ?

2

I will try to answer some of them, hoping that someone will give better answers.

1+2. Trackers are bundled within the app, I’m not sure how exactly.

  1. It should.

  2. A normal file explorer? I dont think so. There are apps that can identify known trackers, ClassyShark3xodus or Exodus.
    ClassyShark3xodus - Scan apps for warnings | F-Droid - Free and Open Source Android App Repository

(You can search for them in their webpage too)

https://reports.exodus-privacy.eu.org/

  1. I think that depends on which tracker is.
1 Like
3

Trackers track (part of) the app behaviour and/or your activity with it.

Not all trackers are malware or spyware. Indeed most of them are used for bug reporting, QoS or integration with 3rd party services or ads.

Trackers installed with an app are tied to the application lifecycle. If you remove an app you’ll remove the tracker.

Most issues with in-app trackers are related to android security issues. Some examples:

Until android 10 any app can read your clipboard
Until android 10 any app can get a list of the apps installed on your device.

Pair that with unsecure permissions (internet permission is always granted without user prompt, most apps request full storage permission…) and have fun.

But the worst case scenario involves:

  1. Vendor trackers - installed with the base OS. All permissions already granted. These apps can do what they want, always.
  2. The IPC mechanism on Android (the binder) can be used to track without raising doubts. Within the same signature (ie: your vendor or a company with multiple apps) it is possible to create a bound service on each app that wants to track you/your activity without explicit permission for the app. So, for example: a phone app with contacts permission, a file manager with full storage permissions, a gas station app with full location permission all can forward info to a service running on other application that has the internet permission (maybe a share your gif kind of app?)

All of this go from lol: you’re paranoid to big brother is watching me pretty quickly. My recommendation would be:

  • Get a phone from a reputable vendor
  • Do not install fishy apps or, if you install them, don’t grant full storage permission.

If possible choose: opensource apps from reputable sources > opensource apps > closed source apps from reputable sources > x-ray/naked camera-like apps :stuck_out_tongue:

3xodus can help you finding known trackers on installed apps. It can lead to false positives (it will flag a method as a tracker if the name and signature match even if the method is empty).

Again, keep in mind that most trackers are not malware/spyware.

2 Likes
4

My MNC Organization app contains 3 trackers
Why would they willing to add google tracker in their app ?

20201202_143315
20201202_143315720Ă—505 57.1 KB

We are not allowed to bring pen inside the floor why would they add google tracker in our phone ?

5

The trackers are compiled into the app. You can get a list of which apps have which trackers by installing classyshark3xodus, available from f-droid. The ones you have listed are similar to having Google Analytics on a web site.

1 Like
6

in my organization campus, gmail or any other google product is fully banned except google search engine but the same company using google trackers in their high secured app
Can you guess why ?

7

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.