I'd love to kick off a discussion of what is happening here and if it warrants further investigation (I'm not associated with Muddy Waters).<p>My thoughts reading the report are that they focus on scraping other company's cookies. AppLovin's primary realm is in app advertising, and the report really only works for certain web to app traffic patterns.<p>This raises the question of whether AppLovin is performing something similar via SDK in the potentially ~150k apps that use them.<p>Has anyone else looked into this via MITM or other ways of seeing if AppLovin is getting this information for the billions of installs a month it interacts with?<p>Here are some stats about AppLovin I've collected based on app-ads.txt and decompiled SDKs. Happy to share raw data with anyone interested.
<a href="https://appgoblin.info/companies/applovin.com" rel="nofollow">https://appgoblin.info/companies/applovin.com</a><p>I think the next step would be to try various MITM setups to see if what MuddyWaters is asserting does/could happen in app.<p>Let me know if anyone is interested in doing more research. More info in my bio.