This week I spent a lot of time automating my collection of data via a MITM with an Android Emulator. This lets me peek at the actual traffic and data leaving the device to try and figure out a few things:
Who is the app working with?
This is the primary question, to be able to figure out which companies and partners the app is working with for it’s data collection and user tracking. This will go towards building out the existing and ever expanding map of mobile adtech companies on AppGoblin.
What country is the user’s app data being sent to?
The next big question is where the data is being sent. While this remains to be seen how accurate or useful it is, it will none the less be an interesting way of tracking the data. Of course, an app like TikTok works with dozens of companies, some of which are Chinese, but it ultimately might not show that in the IP locations as large companies can easily have servers in the local countries where the data is first sent.
What data is actually being sent?
Including example payloads leaving a company’s SDK might be pretty interesting. I think I would first want to populate the device with some useful information (since Waydroid is not well known), so perhaps impersonate a Samsung device, in a specific city would be good.
Then on each companies main page on AppGoblin I could include a link to an example payload leaving the company.
Ads
While I would love to collect ads first and foremost, just a passion of mine, I feel like mapping these back to their actually advertiser is surprisingly hard. It would need to be API by API to reverse engineer where the Ad’s destination url is or find a way to click each ad and follow it to capture the data there.
Next steps
Well, I guess all these are already next steps, and this is just laying out my thoughts for what I want to work on for new marketing and research features to add to AppGoblin for 2025.