Microsoft 365
Microsoft 365 is a legitimate productivity suite with strong encryption and GDPR compliance, but exhibits extensive telemetry collection, multiple ad-tech SDKs including Facebook SDK, and broad permission scope. The large app size and aggressive data collection for personalization elevate risk to medium.
How we got to 34.
Microsoft first-party telemetry plus Google Analytics for usage tracking and AI training
AdMob, Facebook SDK, AD_ID - cross-app behavioral targeting
High but reflects feature breadth (camera, audio, media access)
Documents, emails, contacts flow to OneDrive, Teams, Copilot AI
8 DEX files at 378 MB - complex but legitimate for full Office suite
Limited free tier; premium features require subscription
Microsoft - regulated corporation, transparent privacy policy, GDPR-compliant
TLS in transit, AES-256 at rest, multi-factor authentication
Used by ad SDKs for device fingerprinting
Hidden inside the code.
What it asks for.
Device fingerprinting for ad targeting - not core to Office
Google Advertising ID for cross-app behavioral tracking
Teams calls and voice notes - legitimate but sensitive
Document scanning and Teams video - legitimate but sensitive
Keep reading.
What is a tracker in an app, and why should you care
Trackers are code libraries hidden inside apps that collect your data for third parties. Here is how they work, what the...
What trackers are actually hiding in your apps
We scanned 32 of the most-installed Android apps and counted every embedded tracker SDK. The average app hides 5 tracker...
Similar risk profiles.
Scan Microsoft 365 yourself.
Get the full report on your device - with real-time DEX analysis, permission auditing, and breach monitoring. Free, no account needed.