How does these kind off trackers scanners work - if the thing that they are given as input is an apk?
Surely these APKs don’t want to broadcast publicly all their tracking partners, and would just bury tracking requests deep inside the code.
Are tracking scanners really sophisticated disassemblers?
If the service decides to encrypt the tracking data and send it to their own servers with their normal content before sending it on to the tracking servers, there’s no way to isolate it other than prevent it being collected in the first place. I believe Meta already does this to hide the vast amount of data they steal from your device with all their apps. It’s how they can hide the data they scrape via hacks that bypass regular sandboxing and permission restrictions.
How does these kind off trackers scanners work - if the thing that they are given as input is an apk?
Surely these APKs don’t want to broadcast publicly all their tracking partners, and would just bury tracking requests deep inside the code.
Are tracking scanners really sophisticated disassemblers?
App manager in particular uses a list of known tracking activities/services/etc, as far as I understand: https://muntashir.dev/AppManager/en/#subsec:faq:how-trackers-libs-updated
If the service decides to encrypt the tracking data and send it to their own servers with their normal content before sending it on to the tracking servers, there’s no way to isolate it other than prevent it being collected in the first place. I believe Meta already does this to hide the vast amount of data they steal from your device with all their apps. It’s how they can hide the data they scrape via hacks that bypass regular sandboxing and permission restrictions.
I have no idea but they list which trackers are used specifically like firebase, analytics etc
They look for imported tracking SDKs, URLs, template code blocks, etc.
So if they encrypt it before transmission it gets through.