Privacy Tools Guide

Mobile applications frequently bundle third-party software development kits (SDKs) that collect user data for analytics, advertising, and other purposes. Understanding what these SDKs do is essential for developers building privacy-conscious apps and for power users who want to know what happens on their devices. This guide covers practical methods to audit mobile app SDKs and identify third-party trackers in iOS and Android applications.

Why SDK Auditing Matters

Third-party SDKs can transmit sensitive user data to remote servers without clear disclosure. Common data points include device identifiers, location information, installation details, browsing behavior, and contact lists. Some SDKs share data with advertising networks, data brokers, or analytics platforms. By auditing the SDKs embedded in an app, you can identify privacy risks, ensure compliance with regulations like GDPR and CCPA, and make informed decisions about which apps to use or distribute.

Static Analysis: Examining App Binaries

Static analysis involves examining the compiled app without running it. This approach reveals what SDKs are present in the app bundle.

Android APKs

Android apps distributed as APK files can be extracted and analyzed. Use apktool to decode the app resources:

apktool d myapp.apk -o myapp_decoded
cd myapp_decoded
ls -la lib/

The lib/ directory contains native libraries (.so files) for different architectures. SDKs often include native code for performance-critical operations.

More importantly, examine the smali/ directory for decompiled Dalvik bytecode:

grep -r "com\.adjust" smali/     # Look for Adjust SDK
grep -r "com\.google\.analytics" smali/
grep -r "com\.facebook\.ads" smali/

The AndroidManifest.xml file reveals declared permissions and components:

grep -E "permission|activity|service|receiver" AndroidManifest.xml

iOS Apps

iOS apps distributed as IPA files can be extracted similarly. First, rename the IPA to ZIP and extract:

mv myapp.ipa myapp.zip
unzip myapp.zip
ls Payload/MyApp.app/

The app bundle contains the executable and frameworks. List embedded frameworks:

ls -la Payload/MyApp.app/Frameworks/

Search for known tracker frameworks:

strings Payload/MyApp.app/MyApp | grep -i "appsflyer\|adjust\|branch\|mixpanel"

The Info.plist file contains declared permissions and URL schemes that reveal tracker integrations.

Identifying Common Tracker SDKs

Several SDKs appear frequently in mobile apps for tracking purposes. Recognizing these helps you understand what data flows where.

Advertising and Attribution SDKs

Analytics SDKs

Advertising ID Retrieval

Many trackers access the advertising identifier (IDFA on iOS, GAID on Android). Search for these references:

# Android - search for advertising ID access
grep -r "AdvertisingIdClient" smali/

# iOS - check for IDFA access frameworks
otool -L Payload/MyApp.app/MyApp | grep -i "advertising\|identifier"

Dynamic Analysis: Runtime Monitoring

Static analysis shows what SDKs exist, but dynamic analysis reveals what they actually do at runtime.

Network Traffic Monitoring

Intercept network traffic to see where data goes. Set up a proxy like mitmproxy:

mitmproxy -p 8080

Configure your device or emulator to use the proxy. On Android, you may need to install the mitmproxy CA certificate. On iOS, install the profile in Settings > General > VPN & Device Management.

Once traffic flows through the proxy, use the app and examine requests. Look for:

Filter mitmproxy to isolate tracker traffic:

# In mitmproxy, filter by domain
set view.filter = "~d adjust.com | ~d appsflyer.com"

Android: Using Logcat

Android’s logcat reveals SDK behavior at runtime. Filter for specific SDKs:

adb logcat | grep -i "adjust\|appsflyer\|mixpanel"

For more detailed analysis, use tools like MobSF (Mobile Security Framework), which automates both static and dynamic analysis:

# Run MobSF Docker container
docker run -it -p 8000:8000 opensecurity/mobsf:latest

Access the web interface at http://localhost:8000 and upload your APK or IPA for automated analysis.

iOS: Debugging with Frida

Frida allows you to instrument iOS apps at runtime. Hook into tracker SDKs to see what data they collect:

frida -U -f com.example.myapp -l tracker-hook.js

Example hook to interceptAdjust SDK calls:

// tracker-hook.js
Interceptor.attach(Module.findExportByName("libAdjust.so", "Java_com_adjust_sdk_Adjust trackEvent"), {
    onEnter: function(args) {
        console.log("Adjust event: " + Java.vm.tryGetEnv().getJavaVM());
    }
});

Code-Level Auditing: Examining SDK Integration

When you have access to the app’s source code, examine how SDKs are initialized and used.

Android: Check Application Class

In Android apps, SDKs often initialize in the Application class:

public class MyApplication extends Application {
    @Override
    public void onCreate() {
        super.onCreate();

        // Analytics initialization
        FirebaseAnalytics.getInstance(this);

        // Attribution SDK
        AdjustConfig config = new AdjustConfig(this, "APP_TOKEN", AdjustEnvironment.SANDBOX);
        Adjust.onCreate(config);
    }
}

Look for configuration options that control data collection:

// Disable data collection
FirebaseAnalytics.getInstance(this).setAnalyticsCollectionEnabled(false);

// Opt-out for Adjust
config.setDeferredDeeplinkCallbackListener(@NonNull DeferredDeeplinkCallbackListener));

iOS: Check App Delegate

iOS apps initialize SDKs in the App Delegate:

func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
    // Configure analytics
    Analytics.configure(with: configuration)

    // Initialize attribution
    Adjust.appDidLaunch(adjustConfig)

    return true
}

Search for IDFA usage restrictions:

// Request IDFA permission (iOS 14+)
ATTrackingManager.requestTrackingAuthorization { status in
    // Handle authorization status
}

Building an Audit Checklist

When auditing an app, work through this checklist:

  1. Extract and list all embedded frameworks — Note each SDK name
  2. Check permissions — Determine what data each SDK could access
  3. Monitor network traffic — Record all external domains contacted
  4. Review initialization code — See if data collection is enabled by default
  5. Check for data sharing — Identify if data leaves the app or stays local
  6. Document findings — Create a report of all trackers and their purposes

Automating SDK Detection

For large-scale analysis, automate SDK detection. The AppCensus and Exodus projects maintain databases of known trackers:

You can also build your own detection using the Mobile SDK Registry from the AppCensus project, which maps SDK package names to tracker categories.

Reducing Tracker Impact

After identifying trackers, consider mitigation strategies:

Getting Started

Begin by auditing an app you frequently use. Start with static analysis to identify obvious trackers, then use network monitoring to confirm data transmission. Build a personal database of common SDKs and their behavior patterns.

The methods in this guide apply to both iOS and Android, though specific tools differ. As you gain experience, you’ll recognize tracker signatures quickly and understand what data flows where. This knowledge helps you build more privacy-respecting apps and make informed choices about the software you use.

Regular auditing of mobile apps reveals the constantly evolving tracking ecosystem. New SDKs emerge, and existing ones change their behavior. Staying current requires ongoing analysis, but the fundamentals—examining binaries, monitoring networks, and reviewing code—remain consistent.

Built by theluckystrike — More at zovo.one

Explore Our Developer Guides

© 2026 theluckystrike Developer Guides