AppXpose
MEDIUM Risk · Score 51/100

Messenger

com.facebook.orca

Messenger is a feature-rich communication app from Meta with end-to-end encryption for 1-on-1 chats, but it collects extensive metadata, location data, and contact information across 9 verified trackers. Meta's history of privacy incidents and aggressive data monetization, combined with mandatory contact/location permissions and biometric access, places this app in the MEDIUM risk category - acceptable for casual messaging but with significant privacy trade-offs.

Score: 51 out of 100
Trackers Found: 9
Dangerous Permissions: 5
Risk Factors: 8
Known Breaches: 2

Warning

Data Breach: Facebook

2019-08-01 · 509,458,528 accounts affected

Over 500 million Facebook user records scraped and leaked, exposing names, phone numbers, and personal details of 20% of all subscribers.

Dates of birth, Email addresses, Employers, Genders, Geographic locations, Names, Phone numbers

Data Breach: Facebook Marketplace

2023-10-01 · 77,267 accounts affected

200k Facebook Marketplace records obtained from a Meta contractor posted to a hacking forum.

Email addresses, Geographic locations, Names, Passwords, Phone numbers

Regulatory & Legal

FTC $5B settlement (2019) for Cambridge Analytica and systemic privacy violations. GDPR fines totaling €422M+ (2021–2022). Ongoing EU investigations into data processing practices.

Score Breakdown

+12 Verified trackers: 9 SDKs confirmed

Google Analytics, AdMob, Facebook SDK, Meta SDK, Mapbox - heavy ad-tech and attribution stack

+11 Meta ownership and data monetization

Messenger data feeds Meta's advertising graph. No opt-out for data collection.

+8 Metadata collection without encryption

Group chats, call metadata, contacts, and location collected unencrypted on Meta servers

+7 Contact and location permissions

READ_CONTACTS and ACCESS_FINE_LOCATION used for friend suggestions and ad targeting

+6 Known Meta privacy incidents

Cambridge Analytica (2018), FTC $5B settlement (2019), GDPR violations (€405M+)

+5 GDPR and CCPA compliance gaps

Schrems II ruling challenges Meta's data transfers to US servers

-4 End-to-end encryption for 1-on-1 chats

Optional E2E encryption reduces interception risk for direct messages

-2 Frequent updates and maintenance

Regular security patches reduce vulnerability risk

Trackers

9 SDKs detected

Hidden inside the code.

Google Analytics - Analytics
Google Firebase - Analytics
Google AdMob - Advertising
Facebook SDK - Advertising
Meta SDK - Advertising
Firebase Cloud Messaging - Push
Facebook Share - Social
Google Sign-In - Social
Mapbox - Location

Permissions

5 flagged

What it asks for.

high: ACCESS_FINE_LOCATION

Precise GPS location - not needed for messaging, used for ad targeting

high: READ_PHONE_STATE

Reads device identifiers and call state for behavioral profiling

medium: READ_CONTACTS

Bulk contact harvesting for friend suggestions and social graph mapping

medium: CALL_PHONE

Can initiate calls without per-call user confirmation

medium: RECORD_AUDIO

Core to voice calls, but combined with location tracking enables surveillance
