horde I know what Exodus is. And I don't agree with Privacy Guides' assessment of it. I'm leaning more towards GrapheneOS' analysis: https://x.com/GrapheneOS/status/1793051200255848553
I'm not sure it fits in this thread, but I'll quote the posts by the GrapheneOS account here because I have the impression that some users tend to take Exodus' outputs at face value, without thinking critically about how the service actually comes to the conclusions it does.
Bear in mind that it's only scanning for specific third party libraries they decided are trackers. The classification of some of these libraries as trackers is often questionable or clearly wrong. The way it displays permissions is very wrong and really not how permissions work.
As an example of why scanning for specific third party libraries doesn't tell you much:https://reports.exodus-privacy.eu.org/en/reports/com.facebook.katana/latest/
https://reports.exodus-privacy.eu.org/en/reports/com.facebook.lite/latest/The way it displays permissions displays low-level info without grouping them into their runtime toggle groups and showing they're opt-in.
In addition to not showing them grouped into their permission toggles and showing that the most important ones marked dangerous are opt-in, it doesn't show the ones with special access permission toggles (mostly off by default) or that the battery restriction mode controls a lot.
It also shows a lot of useless things like QUERY_ALL_PACKAGES for querying info about packages in the same profile. Reason it's useless is because apps can simply declare queries matching all apps and still query them without it. It's the beginning of a future privacy feature.
The low-level permissions marked dangerous are the ones with standard toggles, which also includes INTERNET (Network) on GrapheneOS. Ones not marked dangerous mostly use a special access toggle (usually off by default), case-by-case requests or both (request install packages).
Whether or not they're marked dangerous is a low-level thing determining if they get a permission toggle. Some aren't marked dangerous because they are considered more dangerous and have an off-by-default special access toggle or a whole special page like accessibility services.