The Gandi Community

Gandi Supports Exodus Privacy

The “Gandi Supports” program really demonstrates the values that Gandi holds dear, especially when it comes to the protection of private data. One of the projects Gandi supports is Exodus Privacy. This platform analyzes Android apps and lists any trackers embedded in them. A tracker is a piece of code that collects information about users and what they do. We interviewed Lovis IX, cofounder, and Codimp, sys admin about their experience with Gandi. What is Exodus Privacy ? Lovis IX: Exodus Privacy is an association with about a dozen people working on the project. The idea came about in August 2017 after reading an article in Numerama on trackers used in the apps published by magazines like Closer, Paris Match, etc. We wanted to know if many other apps used trackers and, after some research, we were scared of what we found. In November 2017, we launched our platform. How did you concieve of Exodus Privacy ? Codimp: Today, out of 88,635 reports of apps analyzed, 21,416 reports don’t have any tracker currently known by εxodus. εxodus can detect 200 different trackers. The database, for its part, has around 88,000 different reports on some 60,000 unique Android applications. There are two possible uses.
  • Use on a website
Users enter the Google Play Store link or the handle of the app they want to analyze (in general it’s something like “com.java.name”) on the εxodus interface. If the latest version of the app is not in our database, we get the apk (i.e. the Android app) and launch the service that analyzes the app and looks for trackers. The platform then generates a report that we add to the global database which lets us monitor the app and its different versions.
  • Use on mobile app
The user can also install the εxodus app on their Android phone. This will then list all the apps installed on the user’s phone to automatically request the εxodus report for each of them. The report lists the embedded trackers in each app, but also the permissions required by the app. Find out more about Exodus Privacy. How has Exodus Privacy evolved since it was first implemented? Lovis IX: We’ve considered an iOS version. There’s no iOS version because the general terms and conditions don’t let us do it. But what we say generally to people who ask is, “If you find trackers in the Android version of an app, you can expect to find the same in the iOS version.” Another development came from a fan! He created Chrome extension and a Firefox add-on that lets you, directly on the Google Playstore, see the information about the trackers used before downloading an app. What plans do you have for further development? Lovis IX: We’d like to grow our association a bit and have some new volunteers. And translate our site, the platform, and educational videos into as many languages as possible. We’re also in the middle of redoing the platform’s UX. Today this is more for geeks, but we’d like εxodus to go more mainstream. What is the architecture of the platform? Codimp: Our platform has three pieces:
  • NGinx on the frontend and Django with the results display
  • Middleware with a varnish cache
  • PostgreSQL database and “workers” that analyze apps
We have divided the work into three parts on the production infrastrucutre: Frontend: Gandi Cloud server with 4 cores, 4 GB RAM, 50 GB Disk Middleware : Gandi Cloud server with 8 cores, 8 GB RAM, 50 GB Disk Backend : Gandi Cloud Server with 6 cores CPU, 12 GB RAM, 1 TB Disk Having a large machine lets us process simultaneous submissions from multiple users. Why did you go with Gandi? Lovis IX: We first came across Gandi at an event by La Quadrature du Net. εxodus was using a competitor’s hosting services, but we weren’t particularly satisfied with the quality of service, especially in terms of the workload. Since switching to Gandi servers, we no longer have any stability or performance issues. We can publicize the project or get mentioned in a news article and not worry about whether the infrastructure can handle the resulting increase in traffic. Why would you recommend Gandi? Codimp: We have benefitted from the incredible flexibility offered by Gandi Cloud services to fine-tune and adjust the configuration of the virtual machines to our needs, and to thereby have a perfectly sized server. Now we don’t have to adjust them as much and everything works without any difficulty. Want to try out Gandi Cloud servers?