u/MahereMarley

I scanned the Netflix Android app - here's what's actually inside

Was curious what Netflix actually does on my phone. Scanned the APK directly. Here's what came back:

Risk Score: 34/100 - MEDIUM

5 trackers found:

- Google Analytics

- Firebase Analytics

- Google AdMob

- AppsFlyer

- Crashlytics

Permissions that stood out:

- Microphone — likely for voice search

- Camera — no clear reason for a streaming app

- Nearby WiFi — for Chromecast discovery

- Bluetooth — for casting and audio devices

0 known data breaches, which is actually rare.

The AdMob integration is the most interesting part - Netflix is a paid subscription service, so why is an advertising SDK embedded?

Scanned with AppXpose if anyone wants to check their own apps:
https://play.google.com/store/apps/details?id=com.appxpose.app&referrer=ref_apitest

u/MahereMarley — 2 days ago

[OC] I analyzed 3,745 Android apps for privacy: here's what the permission data actually shows

Been building an Android APK scanner as a side project. After 3,745 scans, looked at which permissions each app category requests most.

Some make obvious sense:

- Maps at 96% GPS = navigation needs location

- Finance at 100% Camera = KYC verification

- Audio at 92% Foreground Service = background playback

Others are harder to explain:

- News apps: 75% Auto-Start on Boot

- Games: 39% Ad Tracking ID

- Shopping: 94% Camera + 72% Microphone

The tracker SDK data was also interesting: unrecognized SDKs average 6.6 trackers per app, 3x more than known Ad SDKs.

Charts in the images above = permission heatmap by category, tracker distribution, and risk score breakdown.

Full interactive version: appxpose.app/research

Methodology: static APK analysis; permissions declared in the manifest are not necessarily all actively used.

Happy to answer questions about the approach.

u/MahereMarley — 3 days ago

[OC] 2,000+ Android users scanned ~4,000 apps. Here's what the data reveals about trackers, permissions and privacy risk

Data source: Anonymous aggregated data from real Android device scans via AppXpose. Results aggregated across 3,800+ unique apps from 2,000+ devices.

Tools: Python, Matplotlib

Methodology: Each app was analyzed at APK bytecode level: tracker SDKs, dangerous permissions, and a composite risk score (0–100) based on tracker count, permission types, developer breach history and certificate integrity.

No personal data collected; all results are aggregated per app, not per user.

u/MahereMarley — 9 days ago

I built AppXpose after realizing that Google’s Data Safety labels, the things supposed to tell you what an app collects, are entirely self-reported.

Four peer-reviewed studies later confirmed what I suspected: there’s a massive gap between what apps claim and what they actually do.

So I built a scanner that looks inside the APK directly.

Some highlights from the data:

•	Instagram: 68/100 HIGH risk

•	Most “free” apps embed 5-15 tracker SDKs you’ve never heard of

•	Signing certificates that don’t match what they should

•	Apps flagged in MalwareBazaar that are still live on the Play Store

The tracker detection runs fully on-device. Nothing gets uploaded. ~140 SDK signatures, growing via community discovery.

2,000+ installs, 4.6⭐ so far. Still early.

Happy to answer questions about what I found or how the scanner works.

Website for all info -> https://appxpose.app

App download link -> https://play.google.com/store/apps/details?id=com.appxpose.app

u/MahereMarley — 15 days ago
▲ 26 r/Spyware+7 crossposts

Here is something most people do not know:

When you download a free app, the people who made it often hide small pieces of code inside it that belong to other companies. These companies use that code to watch what you do, where you go, and what you buy. Then they sell that information.

You never agreed to that. You just pressed install.

AppXpose scans every app on your Android phone and shows you:

- Which outside companies are secretly collecting your data through each app

- What kind of data they are collecting

- A simple score from 0 to 100 so you can see which apps are the worst

- An alert if an app quietly adds new data collectors after an update

No technical knowledge needed. If you can read a weather app, you can read AppXpose.

We have also scanned popular apps like WhatsApp, Instagram, Telegram, and Amazon so you can see the results before even downloading. Check them out at appxpose.app/scans

Free on Google Play. 2000+ installs, 4.6 stars

u/MahereMarley — 2 days ago
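The posts above describe matching tracker SDK signatures inside the APK and alerting when an update adds new ones. A minimal sketch of that idea follows, as an added example that is not AppXpose's code: the signature list is a small set of package prefixes chosen here for the five SDKs named in the Netflix post, and the function names and sample APKs are constructed for illustration.

```python
import io
import zipfile

# Illustrative signature list (assumption): package prefixes for the five SDKs
# named in the Netflix post, not AppXpose's own ~140 signatures.
SIGNATURES = {
    "Google Analytics": ["com/google/android/gms/analytics/"],
    "Firebase Analytics": ["com/google/firebase/analytics/"],
    "Google AdMob": ["com/google/android/gms/ads/"],
    "AppsFlyer": ["com/appsflyer/"],
    "Crashlytics": ["com/crashlytics/", "com/google/firebase/crashlytics/"],
}


def scan_trackers(apk_bytes):
    """Return tracker names whose class prefix occurs in any classes*.dex."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Multidex APKs ship classes.dex, classes2.dex, ...
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            dex = apk.read(name)
            for tracker, prefixes in SIGNATURES.items():
                # DEX type descriptors look like "Lcom/appsflyer/AppsFlyerLib;"
                if any(b"L" + p.encode() in dex for p in prefixes):
                    found.add(tracker)
    return found


def new_trackers(old_apk, new_apk):
    """Trackers present in the updated APK but absent from the previous one."""
    return scan_trackers(new_apk) - scan_trackers(old_apk)


def build_sample_apk(class_descriptors):
    """Constructed input: a zip whose fake classes.dex holds only descriptors."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex",
                   b"\x00".join(d.encode() for d in class_descriptors))
    return buf.getvalue()


if __name__ == "__main__":
    base = ["Lcom/example/player/MainActivity;",
            "Lcom/google/firebase/crashlytics/FirebaseCrashlytics;"]
    v1 = build_sample_apk(base)
    v2 = build_sample_apk(base + ["Lcom/appsflyer/AppsFlyerLib;"])
    print("v1 trackers:", sorted(scan_trackers(v1)))
    print("added in v2:", sorted(new_trackers(v1, v2)))
```

A match only shows that the SDK's classes ship in the APK, not that they execute, which parallels the caveat in the posts that declared permissions are not necessarily used.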