Discover more from Malcore’s Blog
Social Media & Communication Apps
Malcore, by Internet 2.0, will publish analysis results on all popular social media mobile apps. Malcore is an automated analysis tool to scan files and programs to detect malware & assess risk.
The Malcore team are releasing individual blog posts on each popular social media mobile applications. These are detailed individual blog posts that pull together the results of Malcore’s analysis per application.
The social media industry analysis project shows us the relative Malcore risk score for each application. It is a comparative process where the controls are the Malcore algorithm, only android apk were used and the time of analysis was the same for all applications. We hope this project provides users more transparency on the relative data harvesting practices and relative risk scores of all mobile applications.
The below graph is an updating chart we will republish as our analysis results come in over the next few months.
For the graph there is inconsistent public information on active users and downloads per mobile application. We estimated placement by using the downloads on google play store and bracketed by reported monthly active users. We would be happy to adjust this data if applications send us official numbers.
We must note this analysis process is not an conclusive code review. It is a static analysis with automated code review using Malcore. A detailed manual source code review and to manually view app activity during dynamic analysis is considered a conclusive method to assess risk. A manual code review tends to find a lot more information but costs significant time.
All Malcore research is self funded which means we are limited by time. For example our TikTok technical analysis report at Internet 2.0 was far more detailed and conclusive on TikTok than these short blog posts.
The scores are listed here from lowest to highest as we publish the results per application.
Tutanota = 1.8 (Lowest email score due to very few code warning, 0 trackers and suspicious warning, as well as low permissions)
Discord = 9.6 (Lowest social media score due to very few code and device access warnings)
Zoom = 10.5 (Lowest Video Score, only Google SDK)
ProtonMail = 12.65 (Higher than Tutanota due trackers, suspicious warnings and higher code warning)
Telegram = 12.7 (Analyzed twice and reduced from 17.2, It has Huawei Mobile Services only for Huawei build phones)
Facebook Messenger = 14.05 (Only has Meta Facebook tracking and not connected to Google ecosystem)
Threema Work = 16.1 (Second lowest score for messenger apps, Internet 2.0 preferred messenger app)
WebEx Meetings = 16.1 (Second lowest score for Meeting apps, WebEx only has 2 trackers)
Facebook App = 16.55 (One of the lowest social media scores due to very few code warnings, despite that the Facebook app has a high amount of permissions)
Session = 17.25 (2 trackers, 11 dangerous permissions, 8 high code severity warnings, Session sits lower than Signal but higher than the likes of Threema Work, Facebook Messenger and Telegram)
Diia App = 17.6 (Launched in 2020 by the Ukrainian Ministry of Digital Transformation, the Diia app allows Ukrainian citizens to use digital documents in their smartphones instead of physical ones for identification and sharing purposes. Diia App sits comfortably below the average industry score)
Signal Messenger = 21.8 (Third lowest score for messenger apps, Internet 2.0 preferred messenger app)
WhatsApp Messenger = 26.25 (Unlike Meta Facebook WhatsApp has Google Analytics)
Uber Eats = 27.4 (Uber Eats falls within the industry standard and only has 5 trackers in total)
WeChat = 27.8 (Slightly higher than WhatsApp, WeChat has 5 trackers in total, including Baidu Maps and WeChat Location)
Gmail = 29.6 (The highest of all the email clients, due to a high amount of permissions)
Reddit = 30.65 (Reddit falls within the average of other social media apps but has 6 total trackers)
LinkedIn = 34.15 (LinkedIn falls within the average score of other social media apps but has a high amount of trackers, with 9 in total)
Snapchat = 34.25 (Snapchat had only 4 trackers but had many permissions)
Twitter = 27 (The first in our series of social media apps, Twitter’s score is just above the industry standard.)
Instagram = 34.55 (The second highest in our series of social media apps so far, Instagram’s score is the result of 2 suspicious warning, several trackers in the Facebook Ecosystem and a high amount of permissions)
Outlook = 35.9 (Outlook has 7 trackers which accounts for the high score)
Expedia = 36.25 (Expedia has a high amount of trackers, with 10 in total which accounts for the high score)
Google Maps = 36.25 (Google Maps sits above the industry standard but its score
Microsoft Teams = 38 (Microsoft teams has 4 trackers but a high amount of permissions)
Viber Messenger = 46.7 (Has 11 trackers which accounts the higher score)
VK.com = 62.7 (VK has a total of 13 trackers and and 28 dangerous permissions)
TikTok = 63.1 (The highest of any app, 9 trackers including VK SDK)
To view how these scores are created visit our transparency post where we published a description of our phone application threat scoring algorithm.
Try Malcore for Free!
First 5 scans are free on registration