In this workshop, participants will learn about how their own phones are used to track their activity online. They will discover Exodus : an application which allows people to identify the trackers used by each application installed on their smartphones.
Preparation time for facilitator
Time needed to complete activity (for learner)
Name of author
Support material needed for training
Resource originally created in
This workshop will expose the many cookies used by mobile app developers to harvest the personal data we produce via our smartphones. We use all kinds of apps on Android: games, useful applications etc. These are downloaded and installed via the app Google Play. Many apps are preinstalled by the manufacturer or by the network through which you bought the phone. You will have noticed that when you install an app on your smartphone, it asks permission to access functionalities and data on your phone: camera, mic, memory, contacts, etc.
This is actually only the tip of the iceberg (which is already not so great: what business does the game Golf Duck have with your camera and contacts?). There is of course also the rest of the iceberg hidden below the surface: all these applications communicate with online services, sometimes legitimately (for example your weather app needs to communicate with online weather forecasting services) but sometimes and even often: less legitimately! All this has been invisible for the majority of users without advanced technical knowledge, until Exodus arrived!
Exodus is an app whose objective is: ‘to list the applications you have installed from Google Play and tells you what are the trackers used by each application. The application does not analyse the installed applications on your smartphone but retrieves the reports available on the Exodus platform and does not contain trackers.’
Facilitation tip: It is better that participants use their own smartphones for this workshop.
In advance of the workshop, on a whiteboard or whatever surface you have available, draw a table with:
- 3 columns with the headings Yellow|Red|Application
- As many rows as participants (and write the names of each phone owner)
You will use through the next steps.
Have participants install the app directly here or ask them to go to the Play Store and search for it themselves before downloading.
The app is easily recognisable through its logo:
They can now launch the app. It will now list all applications on their phone and show the readout under this format:
Ask the group to count how many trackers (yellow) and authorisations (red) they have in total and note their score on the table next to their names as well as the name of the application with the worst score.
Note to facilitator: To not make uncomfortable users of online dating apps or whatever else, it is best they carry out the count alone. We here to discuss privacy – respect it, including during the workshop.
Once the table is complete, ask the group to have a look at the details, paying attention to the apps listed. Leave them 5-10 minutes to research the apps they have (installed and certainly forgotten).
Ask them now if they now find these apps intrusive to the point where they will no longer use them or if they will no longer have any use for them. Now that they know they were being tracked and how to find this information, will they change their habits and pay more attention to the apps they install and the permissions they grant?
Users can use Exodus to verify the number of trackers and permissions requested by an application before even installing on the device!
- This site can be used to search directly for apps already tested.
- There is also an Exodus extension – called Exodify – you can get for Firefox or Chrome. Once installed, the extension will automatically detect when you go to Google Play and display the number of trackers used for each application in the current page like this one:
It’s not a simple affair to push back against cookies/trackers. This is unfortunately the price to pay for having free applications. The questions to ask ourselves are the following:
- Do I trust the creators of these apps having access to my private data?
- Do I really need this application that will install 32 cookies on my phone?
- Is it worth is to be tracked and have all your contact information taken just for an app that shows you a load of cute kittens?
Everyone can decide the answers to these questions themselves!