AppXpose v6.9.1 / file 001

GET IT ON JETZT BEI Google Play

MEDIUM Risk · Score 47/100

PayPal

com.paypal.android.p2pmobile

PayPal is a legitimate, well-established financial app with strong encryption and fraud protection, but it collects substantial data across 13 verified trackers (analytics, advertising, attribution, and payment processors) and requests 6 dangerous permissions including location, contacts, camera, and microphone. While these permissions may support features like in-store payments and identity verification, the combination of broad data collection and third-party ad networks elevates privacy risk to MEDIUM despite PayPal's reputation.

47

out of 100

13

Trackers Found

5

Dangerous Permissions

8

Risk Factors

0

Known Breaches

Warning

Regulatory & Legal

2015 credential exposure affecting user login data; resolved with mandatory password resets and enhanced security protocols. No major incidents reported since 2020.

Score Breakdown

How we got to 47.

Scored using deterministic pattern matching and DEX analysis. Compare against research data from 3,745 analyzed apps.

+8

Unexpected Dangerous Permissions

Location, camera, contacts, microphone - not all clearly justified for payments

+5

High-Risk Permissions Outside Scope

RECORD_AUDIO and CAMERA together create exfiltration risk

+12

Verified Trackers: 13 SDKs

4 analytics, 2 ad networks, 1 attribution, 1 crash reporter

+6

Ad Network Ecosystem

Google AdMob, Meta SDK, Adjust enable behavioral profiling

+5

Third-Party Data Sharing

Transaction and behavioral data shared with multiple vendors

-6

Developer Reputation & Compliance

Publicly traded, heavily regulated (NMLS, NY DFS), strong compliance

-4

Encryption & Fraud Protection

TLS, biometric auth, tokenized payments, fraud detection

+2

Known Security Incidents

2015 credential exposure affecting login data

Trackers

13 SDKs detected

Hidden inside the code.

Firebase Analytics Analytics

Google Firebase Analytics

Amplitude Analytics

Adobe Analytics Analytics

Google AdMob Advertising

Meta SDK Advertising

Adjust Attribution

Datadog Crash Reporting

Firebase Cloud Messaging Push

Google Sign-In Social

PayPal Payment

Braintree Payment

Google Maps Location

Permissions

5 flagged

What it asks for.

high

RECORD_AUDIO

Microphone on a payments app - questionable necessity

medium

CAMERA

For check deposits and QR scanning

medium

READ_CONTACTS

For contact-based payments

medium

READ_PHONE_STATE

Device state monitoring and fingerprinting

high

ACCESS_FINE_LOCATION

Precise GPS for in-store payment features

Evidence

From the scan.

PayPal scan - Quality ratings and 2015 breach warning — Quality ratings and 2015 breach warning

PayPal scan - Full risk score breakdown with all factors — Full risk score breakdown with all factors

PayPal scan - 13 verified trackers including 4 analytics SDKs — 13 verified trackers including 4 analytics SDKs

Related

Keep reading.

What trackers are actually hiding in your apps

We scanned 32 of the most-installed Android apps and counted every embedded tracker SDK. The average app hides 5 tracker...

Why does this app need microphone permission?

Why do apps request microphone, location, or contacts access they don't need? A field guide to Android permission creep ...

Also scan

Similar risk profiles.

13 trackers · 5 permissions

Amazon Shopping 47

11 trackers · 4 permissions

6 trackers · 6 permissions

Scan PayPal yourself.

Get the full report on your device - with real-time DEX analysis, permission auditing, and breach monitoring. Free, no account needed.

GET IT ON JETZT BEI Google Play View all scans