A
AppXpose Get the app ↗
FILE 001 / TRACKERS / EVIDENCE LOG
Issue No. 1

Your phone is
talking. To
strangers.

The average Android app you installed today ships with 7 third-party tracker SDKs baked into its bytecode. AppXpose tears the app apart on your device and shows you exactly which ones, before they start phoning home.

Get the app / FREE Read the method →
AppXpose scanning TikTok and showing a 72/100 risk score with full breakdown
EXHIBIT A · TIKTOK · SCORE 72/100 · HIGH
EXPOSED ↓
↓ EXPOSED
google.firebase.analytics DETECTED facebook.appevents DETECTED com.adjust.sdk DETECTED com.appsflyer DETECTED io.branch.referral DETECTED com.onesignal DETECTED com.mixpanel.android DETECTED com.amplitude.api DETECTED com.crashlytics DETECTED com.huawei.hms DETECTED com.flurry.android DETECTED com.unity3d.ads DETECTED com.applovin.sdk DETECTED com.ironsource DETECTED com.tapjoy DETECTED com.singular.sdk DETECTED google.firebase.analytics DETECTED facebook.appevents DETECTED com.adjust.sdk DETECTED com.appsflyer DETECTED io.branch.referral DETECTED com.onesignal DETECTED com.mixpanel.android DETECTED com.amplitude.api DETECTED com.crashlytics DETECTED com.huawei.hms DETECTED com.flurry.android DETECTED com.unity3d.ads DETECTED com.applovin.sdk DETECTED com.ironsource DETECTED com.tapjoy DETECTED com.singular.sdk DETECTED
II. The dossier

Four exhibits. Each one independently verifiable in the source code.

What's actually inside
the apps you opened today.

01
Exhibit 01

On-device DEX analysis

The bytecode never leaves your phone.

AppXpose unpacks the APK file directly through the Android Package Manager and reads its DEX classes in-process. Class names, method calls, and obfuscation patterns are matched against 94 curated tracker signatures, without ever uploading a single byte. The actual analysis happens in the same place the malware would: on your device.

"We can't leak what we never had."

02
Exhibit 02

Breach risk forecast

HIBP-checked every 72 hours.

For every app you scan, we look up the developer's known email addresses against the Have I Been Pwned database via k-anonymity (no personal data leaves your device). If a developer or one of their services has ever been part of a public breach, you find out before it becomes a problem in your inbox.

"The forecast is the warning."

03
Exhibit 03

Permission audit

Every dangerous request, mapped and ranked.

Every Android permission an app requests is mapped to a plain-language explanation, ranked by risk class (normal, dangerous, signature, special), and diffed against your last scan. When an app silently asks for location after an update, you see it on the next open. Not three months later when you happen to check Settings.

"Permissions you can read."

04
Exhibit 04

Community verdict

Anonymous votes, profanity-filtered, no algorithm games.

Other AppXpose users have already scanned the apps you have installed. Their scores, comments, and warnings are pinned next to the technical results. There are no follower counts, no engagement loops, just signal from people who came to the same question you did.

"Wisdom of the cautious."

II.5 · Inside the app

Eight exhibits from the app itself. Scroll →

What you actually
see on screen.

The scan
EX. 01
The scan

Risk score, breakdown, and the verdict in seconds.

Hidden trackers
EX. 02
Hidden trackers

See every SDK baked into the app and what it shares.

Where your data goes
EX. 03
Where your data goes

Third parties, ad networks, attribution partners. Mapped.

Suspicious permissions
EX. 04
Suspicious permissions

Spot the apps asking for too much, with one-tap delete.

Paywalls & monetization
EX. 05
Paywalls & monetization

Free-to-download means nothing if the paywall is brutal.

Who made the app
EX. 06
Who made the app

Company, devs, server locations, GDPR status. Receipts.

Full transparency
EX. 07
Full transparency

Every claim AppXpose makes comes with the reasoning attached.

GUARD alerts
EX. 08
GUARD alerts

Lock-screen notifications when something material changes.

Live on the Play Store. Free to install.

III. Always-on protection / GUARD
€3,79 / month · €19,99 / year

Five alerts.
Watching the apps
while you don't.

GUARD is the part of AppXpose that runs while you're not looking. It schedules background workers, diffs each app update against its previous fingerprint, and pings the breach databases on a fixed cadence. When something changes you get exactly one notification, written by a human, not a template.

Get GUARD →
A1
Breach Alert
Every 24h
Cross-checks every developer email tied to your installed apps against the Have I Been Pwned database. New leak, instant push.
A2
Tracker Change Alert
Every 24h
New SDKs sneak into apps via routine updates. We diff every release and tell you which trackers were just added.
A3
Permission Change Alert
Every 24h
A flashlight app suddenly wants your contacts? You hear about it the moment the manifest changes.
A4
App Removed Alert
Every 24h
When Google pulls an app from the Play Store, you get the story. Usually before the news writes about it.
A5
Developer Change Alert
Every 24h
Apps get sold all the time. New owner means new privacy policy, new servers, new motives. We catch the handover.
IV. Pricing

No tiers labelled "Enterprise". No "Contact sales". No upsells.

Three plans.
Honest prices.

T1
Free

For the curious.

0 ex. tax
forever
Download →
  • 3 scans per week
  • Full scan results
  • Community verdict
  • Ad-supported
T2
Pro

For the suspicious.

2,79 ex. tax
one-time, lifetime
Buy once →
  • Unlimited scans
  • Saved scan history
  • No ads. Ever.
  • Priority refresh
RECOMMENDED
T3
GUARD

For the responsible.

3,79 ex. tax
monthly · 19,99 / year
Subscribe →
  • Everything in Pro
  • 5 background alerts
  • Daily breach checks
  • Daily app diffs
  • Cancel anytime

All prices shown without VAT. Final price including local taxes is calculated at checkout in Google Play.

Billed via Google Play. Cancel anytime in Play → Subscriptions.

V. Frequent questions

If yours isn't here, write us. We'll add it.

What people
always ask first.

Q1

Does AppXpose upload my apps to a server?

+
No. The DEX bytecode analysis runs entirely on your device. We only contact our edge for cached metadata (tracker signatures, breach status), and those requests are anonymized via HMAC-signed device fingerprints. No email, no Google account, no advertising ID.
Q2

How is this different from network ad blockers?

+
Ad blockers stop network requests after they fire. AppXpose tells you which trackers are baked into the app itself, even ones that only fire on certain conditions. Diagnosis vs. treatment.
Q3

Why pay if scanning is local?

+
The local part is free. The cached signature database, the HIBP proxies, the community vote system, and the GUARD background workers all run on infrastructure that costs money. The free tier covers casual use; Pro and GUARD cover people who want it always-on.
Q4

Is the source code public?

+
The Android client is closed-source for now. Detection signatures, risk weights, and pricing are documented openly. We plan to open the detection engine once it stops shifting weekly.
Q5

iOS version?

+
No. iOS's sandbox model prevents the kind of bytecode analysis AppXpose performs. It's Android-only and likely will stay that way.
VI. Final note

Trust no app.
Verify them all.

AppXpose is free to install and free to try. Three scans a week, full results, no signup, no card. The whole thing took longer to download than to use.

Open Play Store ↗ Read the method
END OF FILE 001
⊕ FILED · INDEPENDENT · BERLIN