Static analysis of PayPal Android app reveals 13 embedded SDKs including Meta SDK and Adobe Analytics inside a payment app

Static analysis of the PayPal Android app – 13 embedded SDKs in a payment app handling banking credentials. SDKs found: Firebase Analytics, Amplitude, Adobe Analytics, Google AdMob, Meta SDK, Adjust, Datadog, FCM, Google Sign-In, PayPal, Braintree, Google Maps. Notable: Adobe Analytics and Amplitude are both collecting behavioral data inside an app that processes financial transactions. Meta SDK is present – meaning Facebook receives data from PayPal sessions. Permissions: RECORD_AUDIO, CAMERA, READ_CONTACTS, READ_PHONE_STATE, ACCESS_FINE_LOCATION. Legal history: 2015 credential exposure incident. Privacy score: 47/100. Interesting that a payment processor of this size embeds this many third-party analytics SDKs. Anyone done deeper dynamic analysis on the network traffic side? submitted by /u/MahereMarley [link] [comments]Technical Information Security Content & DiscussionRead More