How to know which SDKs are installed on a mobile app and what they track? (for free)

8 min readFeb 3, 2020

To find out which SDKs are inside a mobile app, you can rely on app intelligence tools such as App Annie, Apptopia or 42 Matters. They provide a great way to see at a given time, how many apps use a certain SDK, be it for ad monetization, attribution, analytics, CRM, user support, etc. You can use that data to do market or competitor analysis at scale.

But did you know that you could also find that out on your own? Without the need of any third-party platform? I will share with you a totally free and legitimate method that you can use to uncover all the SDKs available on any mobile app.

Before I detail all the steps, let me first give you a small tip: if you wish to know an app’s current SDKs, your first reflex should always be to look into its privacy policy. Sometimes, an app will list all — or some of their — third-party services they use and that’s how you could satisfy your initial curiosity in a few seconds.

Now let me show you how to proceed to list every single SDK present on an app. This tutorial assumes you use an iPhone and that your computer is a Mac.

For those of you who use Android, I’m linking to an external guide at the end of this article.

I also recommend that you do this exercise at home or from your private office, but not from a Wifi connection shared by multiple people (for privacy reasons).

1. Install Charles Proxy: a Web Debugging Application

Charles is an HTTP Proxy used in web and app development that allows developers to view all traffic requests (HTTP but also SSL/HTTPS (secured connections)) between a machine and the Internet.

What it basically does is sit between a computer (or a smartphone) and its network connections and “routes” all traffic so it is then able to reveal them to you.

Charles is a paid application but offers a 30-day trial which gives you access to all the features available in the paid version. Head over to this page to download the DMG and install it on your Mac.

2. Launching Charles for the first time

Once installed, find Charles and open it. You will be shown a notification asking you to allow Charles to configure your network settings. Click on “Grant Privileges”. You will then be asked for your Mac password to confirm your selection.

Charles will then launch and automatically starts recording network activity on your computer.

But we are not interested in your Macbook’s network activity, only your iPhone’s. So, to turn it off, go to Charles > Proxy > macOS Proxy and click on it to untick it.

3. Configure your iPhone so that Charles can view its network activity

What we want to do is use your Macbook to “listen” to your iPhone’s activity. For that, we need to use your Macbook as a proxy for your iPhone so its traffic goes through it. It will then allow Charles to see it.

Still in Charles, go to Proxy > Proxy Settings. Note the port number, by default it should be 8888.

Now we need your Macbook’s IP address. You can find that right within Charles. Go to Help > Local IP Address. Note down the first IP listed (en0)

Then, grab your iPhone and make sure you are connected to the same WiFi connection as your computer.

In your iPhone Settings, click on Wifi, select your network and in the next window, scroll down to HTTP Proxy and click on Configure Proxy.

Select Manual and enter your Macbook Local IP address in Server and your port number in Port. The hit Save.

In Charles, you should then see a pop-up window asking you to allow your iPhone to connect to Charles. Click on Allow.

Now that Charles and your iPhone are connected, there is another step to do. Allow Charles to view SSL traffic requests. Head over to this address to download Charles’ CA certificate http://www.charlesproxy.com/getssl

It will download a profile that you can then locate in your iPhone’s Settings.

Click on the Profile. Then tap on Install, a warning will inform you that it will be added to the list of trusted certificates but will only be trusted once you specifically enable it. Tap on Install again, the Profile will then be installed. Click on Done.

Next, go to Settings > General > About > Certificate Trust Settings (at the very bottom).

Tick the box (so it turns green) next to the Charles Root Certificate to enable it. A warning will appear: Click on Continue.

Charles will then be able to view the details of your iPhone SSL requests and I will explain you later how it helps uncover important details about an app’s SDKs.

4. Inspect an app’s network communication

Now launch Charles again. A recording will start, turn off macOS Proxy, then stop the recording by hitting the Record button and click on the Broom icon to clear the session.

Go to Proxy > SSL Proxying Settings and verify that SSL Proxying is Enabled.

Now, click on Record again and launch the app you want to study. For this guide, I am using the game Gardenscapes from Playrix.

I launched it from my iPhone search box and then played the tutorial.

In Charles, you will see a list of network requests, in a chronological order.

What do we see here?

The first requests correspond to the iPhone general and initial activity (here it was when I used the search field) followed by the requests coming from Gardenscapes: its own (ie. Playrixs’s CDN) but also external ones (for their SDKs).

Here are the SDKs that were initially launched:

Facebook Graph (Gardenscapes uses Facebook as a login option)
Helpshift (for user support)
Swrve (as their CRM tool)
AppsFlyer (as their MMP Solution)
Unity Ads (for Ad Monetization)
Moat (=Oracle Data Cloud) (for Ad Analytics)

5. Going further: seeing detailed requests

What we’ve seen so far is already quite useful. A list of all SDKs found in Gardenscapes (at least the ones launched up to where I went in the game).

But where it gets really interesting is if you could have all details for any request that you see. For that, you need to enable SSL proxying for each of them. This way they will be broken down and you will see a ton of insightful information.

I’m going back to Charles and record my iPhone activity again, still while playing Gardenscapes.

I am interested in the Appsflyer request. Note that there is a lock next to it, and if I click on it, another lock appears below with a message “unknown”. It’s because the request is hidden.

So what I’m going to do is to enable SSL Proxying specifically for https://t.appsflyer.com. For that, I right-click on it and then select “Enable SSL Proxying”

I then click on Refresh (the circle arrow) and then starts recording again.

Note what you will see here:

The request for https://t.appsflyer.com will then appear as “revealed”, a blue icon replaces the previous lock and we can now see the details of the request.

What we learn here is that Gardenscapes uses the 4.9 version of AppsFlyer iOS SDK.

You could do the same thing for every SDK that you are interested in. For instance, I noticed that Gardenscapes uses Chartboost and I also enabled SSL Proxying for its request.

And what I obtained was this:

If you look into the content of the request, we see all the elements that Chartboost tracks: Limit ad tracking on/off, screen rotation, OS version, device language and so on.

Note that if you want to see the detail of every request, rather than individual ones, go to Proxy > SSL Proxying Settings and then tick * in the Location list. This will then reveal all requests…(after you hit Refresh).

As you can see, Charles is really powerful. You can not only see the same details as what an App Intelligence tool could report: which SDKs are installed, but also their version and what events or parameters they use or monitor (which is only possible if you use a Proxy, as no app intelligence tool reports that, as far as I know).

Once you are done studying an app, turn off the Proxy on your iPhone: go to Wifi > Configure Proxy > Off and also remove the Charles profile by going to General > Profile > Charles Proxy CA > Remove Profile.

— — — — —

If you are an Android, check out this tutorial, the initial steps for adding the CA Certificate on your device are a bit different than on an iPhone but the rest (SSL Proxying) is quite similar.