Unlike web pages, mobile apps don’t load source code from a server when launched. Instead, they’re installed on the device as a binary package, where the original source code has been compiled into machine language.
Mobile apps are self-contained. They don’t rely on a browser or any other program to run. Everything they need is included in the package you install.
Why tracking verification is tricky on mobile
For privacy and security reasons, Apple and Google don’t allow apps to access data from other apps. This means that on a standard device (one without root access or special tools), you can’t directly check whether trackers are being blocked in an app downloaded from the App Store or Google Play.
How to verify that your CMP is blocking trackers
To check if the CMP is working as expected, you’ll need a more advanced setup:
- A mobile device. Avoid using your personal phone, as some settings may compromise its security.
- A computer running a debugging proxy. Proxyman, Charles Proxy or Fiddler are popular options.
- A self-signed root certificate is installed and trusted on the target device. Most proxy tools usually provide setup instructions.
- Same network connection. The mobile device must be on the same network as your computer. In the device’s network settings, set the proxy address to the computer’s IP or hostname.
Start testing
After confirming that the target device is tunneling data through the proxy:
- Open the app you want to test.
- Don’t accept anything beyond essential consent.
- Let the app run for a few seconds.
- Review outgoing network traffic in the proxy tool. Look for any unexpected or suspicious web addresses.
Dig deeper with SSL proxying
If you find suspicious addresses, you can enable SSL proxying. This allows the proxy server to dynamically replace the SSL certificate with its own, letting it read the contents of HTTPS network calls that are normally encrypted.
