TrackerControl is an Android app that allows users to monitor and control the widespread, ongoing, hidden data collection in mobile apps about user behaviour (‘tracking’).
To detect tracking, TrackerControl combines the power of the Disconnect blocklist, used by Firefox, and our in-house blocklist is used, created from analysing ~2 000 000 apps! Additionally, TrackerControl supports custom blocklists.
The app also aims to educate about your rights under Data Protection Law, such the EU General Data Protection Regulation (GDPR).
Under the hood, TrackerControl uses Android’s VPN functionality, to analyse apps’ network communications locally on the Android device. This is accomplished through a local VPN server, to enable network traffic analysis by TrackerControl.
No root is required, other VPNs or Private DNS are not supported. No external VPN server is used, to keep your data safe! TrackerControl even protects you against DNS cloaking, a popular technique to hide trackers in websites and apps.
TrackerControl will always be free and open source, being a research project.
Disclaimer: The usage of this app is at your own risk. No app can offer 100% protection against tracking.
TrackerControl can be downloaded here.
A feature-reduced version is also available on Google Play.
There are many ways in which you can support TrackerControl. Here are a few ideas:
Also, you can always reach out to me directly at firstname.lastname@example.org. I deeply welcome and answer every message.
If you’re missing a translation, feel free to contribute here: https://crowdin.com/project/trackercontrol.
Contact me at email@example.com, if you’re missing a language.
Contrary to similar solutions, this application does not intercept SSL connections, minimising privacy risks and allowing for usage on unrooted Android devices. Only the meta data about network communications is logged, and displayed to the users.
TrackerControl does not send any personal data off your device.
TrackerControl allows users to monitor the network communications on their Android device. This network data qualifies as personal data, but is only processed locally on the user’s device.
If the user consents, TrackerControl contacts the Google Play Store to retrieve further information about the users’ apps. The app automatically contacts GitHub to check for updates, which can be disabled from the app settings. No personal data is ever shared, other than what is strictly necessary for network communications (e.g. IP address).
TrackerControl uses the ACRA plugin. This is considered to be a ‘good’ tracker. It’s open-source, and could be used to collect crash reports automatically to a server–TrackerControl DOES NOT do this. Instead, the user must app report crashes manually, via e-mail. ACRA shows a dialog to do this in TrackerControl.
TrackerControl itself never sends any personal data off your device.
The only information saved on the user’s device is non-identifying and strictly necessary for the operation of TrackerControl:
This information is kept on the user’s device until app data is removed manually by the user (e.g. by uninstalling).
The development of TrackerControl was led by Konrad Kollnig (University of Oxford). The underlying network analysis functionality is provided by the NetGuard Firewall, developed by Marcel Bokhorst.
TrackerControl would not have been possible without the help of many outstanding minds, including Max Van Kleek, Katherine Fletcher, George Chalhoub, Sir Nigel Shadbolt and numerous app testers and friends.
The app builds upon a range of publicly available resources:
X-Ray Tracker List: TrackerControl also uses the tracker blocklist by Reuben Binns, Ulrik Lyngs, Max Van Kleek, Jun Zhao, Timothy Libert, and Nigel Shadbolt from the X-Ray project, created from analysing ~1 000 000 apps. This database was released as part of their 2018 paper on Third Party Tracking in the Mobile Ecosystem. The original data can be retrieved here.
Disconnect Tracker List: TrackerControl integrates the Disconnect list of known tracker domains, that is distributed with the Firefox browser.
Steven Black’s Blocklist: A state-of-the-art blocklist. This is used as fallback, if no company information is known from the other tracker lists. More here.
GDPR Requests: For the GDPR requests, the templates from the website My Data Done Right by the NGO “Bits of Freedom” were adopted.
Country Visualisation: TrackerControl offers to visualise the countries to which trackers sent data. The code was kindly offered by Takuma Seno. To map IP addresses to countries, TrackerControl includes the GeoLite2 database, created by MaxMind, available from https://www.maxmind.com.
ClassyShark3xodus: TrackerControl allows to detect trackers in the app code. The signatures to do this are taken from ClassyShark3xodus.
This project is licensed under GPLv3.