Spotify
Spotify is a legitimate, well-established music streaming service with 9 verified trackers (Firebase Analytics, Google AdMob, Meta SDK, Branch Attribution, and others) and 5 dangerous permissions granted, including location and microphone access. While the app's core functionality justifies some permissions, the combination of ad-tech SDKs, location tracking, and metadata collection typical of a freemium service creates moderate privacy exposure.
How we got to 37.
Location, camera, phone state - not core to music streaming
RECORD_AUDIO + location enable behavioral profiling beyond playback
Firebase, AdMob, Meta SDK, Branch - heavy ad-tech and attribution stack
Freemium with aggressive ad insertion on free tier
Listening history, device IDs, location shared with ad networks
Major publicly-traded company, transparent privacy policy
EU-based (Sweden), full GDPR rights, in-app privacy controls
All traffic uses TLS/HTTPS
Hidden inside the code.
What it asks for.
Precise GPS - why does a music app need this?
Approximate location for regional content
Pauses during calls but also enables fingerprinting
Profile photos and Spotify Codes scanning
Voice commands - but microphone access on a music app is unusual
From the scan.
Keep reading.
I scanned 47 apps on my phone. Here's what I found.
A full weekend audit of every app on a normal Android phone. 47 apps, 211 trackers, and a permission count that would ma...
What is a tracker in an app, and why should you care
Trackers are code libraries hidden inside apps that collect your data for third parties. Here is how they work, what the...
Similar risk profiles.
Scan Spotify yourself.
Get the full report on your device - with real-time DEX analysis, permission auditing, and breach monitoring. Free, no account needed.