France's data protection authority has been auditing mobile apps since 2025

Find your app's GDPR violations before the regulator does.

Skanopy observes what actually happens inside your Android app: which SDKs and trackers are active, what data leaves and who receives it, and whether your app respects a no from your users.

console.skanopy.com · Scanned 2 h ago
com.sampleapp.android · v4.2.1 (build 872) · Android 14
Overall risk: 64 / 100 (high)
31 permissions · 26 third-party SDKs · 21 trackers

Compliance signals

  • Consent required: Advertising SDKs or advertising ID detected. Status: required
  • CMP detected: IAB TCF keys present in the code. Status: not detected
  • Needs manual review: Items outside the reference catalogs, to examine. Count: 7

Score composition

| Observation | Evidence | Points |
| --- | --- | --- |
| Advertising SDK present with no CMP detected | Google AdMob | +15 |
| Advertising ID processing | com.google.android.gms.permission.AD_ID | +12 |
| Permission ACCESS_FINE_LOCATION | personal data · dangerous level | +8 |

You're responsible for every SDK. Even the ones you don't know about.

An app ships with dozens of third-party SDKs. Many collect identifiers, location or in-app behavior, then transmit that data to vendors the publisher has never audited. Without a legal basis or consent, that is a violation. And regulators now audit apps.

  • €20M or 4% of worldwide annual turnover, whichever is higher: the maximum GDPR fine
  • €530M: fine for TikTok (2025), over transfers of European users' data to China
  • ~€6M: fine for Grindr: data shared with advertisers through the app's ad SDKs, without valid consent (Norway)
  • 85% of consumers say it is important to know a company's data privacy policies before buying (McKinsey)
  • 100% of embedded SDKs engage your responsibility as the publisher (CNIL)
  • 2025: the CNIL audits apps: SDK configuration and permissions

What Skanopy analyzes in your app

A comprehensive analysis powered by industry-leading technology. No source code required: Skanopy examines your app the way an inspector would.

Complete application mapping

The platform identifies third-party SDKs, requested permissions, embedded trackers and contacted services, against reference catalogs maintained continuously.

Observation under real conditions

Your app runs on real phones, as close as possible to how your audience actually uses it. Skanopy observes the data that really leaves, who receives it, and whether it leaves the European Union.

Consent validation

Every path is verified: consent accepted, refused or ignored. The platform establishes what your app transmits in each case and immediately reveals a refusal that is not respected.

Continuous monitoring and reports

Every update is analyzed and you are alerted as soon as a new SDK or behavior appears. Each report follows the CNIL recommendation, ready to present.

Does your app actually respect a "no"?

Plenty of tools can detect an SDK. Skanopy was born in the consent world: what matters is whether your app respects the user's choice. When someone refuses, does the data leave anyway? And before they have even chosen? That is the exact question regulators ask.

From your app to a report, in 3 steps

No integration, no SDK to install, no source code to hand over. You submit the app, the platform handles the rest.

  1. Submit your app

    An APK or a simple Play Store link is enough. Nothing to install on your side.

  2. Skanopy analyzes it

    The app's real behavior is profiled on real phones, close to your audience's actual conditions of use.

  3. You see everything on your dashboard

    Violations ranked by risk, with the concrete fixes to apply. Everything is documented, ready to hand to your teams.

France wrote the playbook: what the CNIL expects from your app

The CNIL, France's data protection authority (DPA), published Europe's first recommendation dedicated to mobile apps and has been auditing them since 2025. It is not alone: Norway fined Grindr €6.5M over data shared through its app's ad SDKs, and Italy fined Replika €5M. Skanopy checks every point of the framework and backs it with technical evidence.

  • Consent: Get valid consent before enabling SDKs and collecting data. (checked)
  • Transparency: Provide a clear, readable privacy policy. (checked)
  • Permissions: Request only the permissions the app needs: minimization by design. (checked)
  • Rights: Let users exercise their rights: access, deletion, consent withdrawal. (checked)
  • Security: Keep data secure (the CNIL cites the OWASP MASTG framework). (checked)
  • Vendors: Audit every SDK vendor: what they process through your app engages your responsibility, at minimum jointly. (checked)

Frequently asked questions

Do we have to give you our source code?

No. An APK or a Play Store link is enough. The analysis is black box.

How does it work in practice?

You submit your app, the platform analyzes it and the full report appears on your dashboard. Nothing to install, no imposed process.

Which platforms do you analyze?

Android for now, from the APK or the Play Store link.

Are my results confidential?

Yes. Your analyses are visible only to you, on your dashboard, and hosted in the European Union.

How do we fix the violations found?

Every violation is documented on the dashboard: a clear explanation, a risk level and a recommended fix. Your teams have everything they need to act.

A one-time analysis, or ongoing monitoring?

Both. A one-off audit, or continuous monitoring that analyzes every new release.

Built by someone who already solved this for the web.

At the European leader in consent management, I designed the compliance monitoring that watches the web: trackers, cookies, evidence. Mobile raises exactly the same problem with less visibility, and nobody is really addressing it in France. Skanopy brings to apps what proved itself on the web.
Founder and CTO, Skanopy

Know where your app stands before the regulator does.

Let's talk about your app

Share your app name or a Play Store link, and we will get back to you shortly.