Trackers in Certain "Privacy" Apps?

I mainly use obtainium and use aurora store for remaining apps I can’t get that way. I noticed that aurora store has a privacy scan function that tells you if there are trackers in the apps. Is this accurate? It is currently saying that…

  • Element X
  • Filen
  • Proton Calendar
  • Proton Mail
  • Proton Drive
  • Proton Pass
  • Tor Browser

…all have at least one tracker. Tor is the only one I can find info about. They claim the tracking code is “left over” since it is based on firefox, but that they claim it is turned off. Does anyone know about these other apps?

1 Like

What’s your concern here exactly?

1 Like

My concern is just figuring out if these apps really do have trackers, which seems in opposition to their stated privacy goals. And if they do have trackers, seeing if anyone knows exactly what they are tracking.

1 Like

There is nothing to worry about here with any “tracker” it may show it has. First, it depends on what it is and what it is doing. Second, there are many false positives too.

If there ever was an actual issue, it would be made a much bigger deal than it is and be made clear with the recommendation details about the app PG provides.

3 Likes

it is accurate

  • Element X: Sentry
  • Filen: Sentry & Firebase Analytics
  • Proton Calendar: Sentry
  • Proton Mail: Sentry
  • Proton Drive: Sentry
  • Proton Pass: Sentry
  • Tor Browser: Sentry & Glean (both disabled)

Firebase is only partially open source, most of it is proprietary, and it goes to Google.
Sentry is open source and can be either self hosted or not.
But the apps can choose how much they send through them.

You can also check the settings of each to see if they let you disable analytics.

7 Likes

True. Reporting tools can (and do) get very invasive, including screen recording?

Need for crash reports is acute though. I wish I could use Crashlytics / Sentry (a one-day task) for Rethink instead of spending weeks building out a custom, poor man’s reporting infrastructure, like we just did :frowning:

How do you check these? I would love to learn how to do it myself. Also, do you know what trackers OnlyOffice has?

1 Like

Exodus is the easiest: https://reports.exodus-privacy.eu.org/en/
But it can false positive sometimes, especially for variants available through eg. F-Droid

The alternative way to check them is to run an apk through enjarify then jad or jd-gui to dump the source code and check for known trackers manually.

1 Like

I tried this app a few years ago and it showed trackers in apps. It also promises to disable trackers in apps if run with root privileges.

1 Like