Security News

Cybersecurity news aggregator

MEDIUM News Reddit r/netsec

Static analysis of PayPal Android app reveals 13 embedded SDKs including Meta SDK and Adobe Analytics inside a payment app

  • What: Analysis of PayPal's Android app reveals 13 embedded SDKs and 5 dangerous permissions
  • Impact: Users may be concerned about data collection practices

MEDIUM Risk · Score 47/100
PayPal (com.paypal.android.p2pmobile)

PayPal is a legitimate, well-established financial app with strong encryption and fraud protection, but it collects substantial data across 13 verified trackers (analytics, advertising, attribution, and payment processors) and requests 6 dangerous permissions including location, contacts, camera, and microphone. While these permissions may support features like in-store payments and identity verification, the combination of broad data collection and third-party ad networks elevates privacy risk to MEDIUM despite PayPal's reputation.

  • Score: 47 out of 100
  • Trackers Found: 13
  • Dangerous Permissions: 5
  • Risk Factors: 8
  • Known Breaches: 0

Warning (Regulatory & Legal): 2015 credential exposure affecting user login data; resolved with mandatory password resets and enhanced security protocols. No major incidents reported since 2020.

Score Breakdown: how we got to 47

  • +8 Unexpected Dangerous Permissions: Location, camera, contacts, microphone - not all clearly justified for payments
  • +5 High-Risk Permissions Outside Scope: RECORD_AUDIO and CAMERA together create exfiltration risk
  • +12 Verified Trackers (13 SDKs): 4 analytics, 2 ad networks, 1 attribution, 1 crash reporter
  • +6 Ad Network Ecosystem: Google AdMob, Meta SDK, Adjust enable behavioral profiling
  • +5 Third-Party Data Sharing: Transaction and behavioral data shared with multiple vendors
  • -6 Developer Reputation & Compliance: Publicly traded, heavily regulated (NMLS, NY DFS), strong compliance
  • -4 Encryption & Fraud Protection: TLS, biometric auth, tokenized payments, fraud detection
  • +2 Known Security Incidents: 2015 credential exposure affecting login data

Trackers: 13 SDKs detected, hidden inside the code

  • Firebase Analytics (Analytics)
  • Google Firebase (Analytics)
  • Amplitude (Analytics)
  • Adobe Analytics (Analytics)
  • Google AdMob (Advertising)
  • Meta SDK (Advertising)
  • Adjust (Attribution)
  • Datadog (Crash Reporting)
  • Firebase Cloud Messaging (Push)
  • Google Sign-In (Social)
  • PayPal (Payment)
  • Braintree (Payment)
  • Google Maps (Location)

Permissions: 5 flagged (what it asks for)

  • RECORD_AUDIO (high): Microphone on a payments app - questionable necessity
  • CAMERA (medium): For check deposits and QR scanning
  • READ_CONTACTS (medium): For contact-based payments
  • READ_PHONE_STATE (medium): Device state monitoring and fingerprinting
  • ACCESS_FINE_LOCATION (high): Precise GPS for in-store payment features

Evidence from the scan

  • Quality ratings and 2015 breach warning
  • Full risk score breakdown with all factors
  • 13 verified trackers including 4 analytics SDKs
