"No third-party trackers" is the marketing framing, but the more interesting question for a walking app is which categories of telemetry are still on-device but functionally trackable.
Walking and route data is a hard category to anonymize even with all third-party SDKs removed. The home-area inference attack is well-documented: a small number of stationary points clustered around residential coordinates is enough to deanonymize a user from public datasets, regardless of whether any third party sees the raw GPS trace.
Two architectural choices that matter more than the third-party tracker decision:
Where the route is computed. On-device routing (with offline map tiles) is meaningfully different from server-side routing where the user's start and end points get logged transactionally. The privacy story collapses if "no trackers" still means routes hit a backend.
How long traces are retained on-device. Even local-only logs become a privacy issue under device theft, cloud sync, or family sharing. A privacy-conscious app should default to ephemeral traces and require explicit opt-in to persistent logging.
The thing worth checking on any app marketed this way is the network log during a typical session. Third-party tracker SDKs are the easy-to-detect category; first-party telemetry to the app's own backend often does the same job and isn't covered by the marketing claim.
"No third-party trackers" is the marketing framing, but the more interesting question for a walking app is which categories of telemetry are still on-device but functionally trackable.
Walking and route data is a hard category to anonymize even with all third-party SDKs removed. The home-area inference attack is well-documented: a small number of stationary points clustered around residential coordinates is enough to deanonymize a user from public datasets, regardless of whether any third party sees the raw GPS trace.
Two architectural choices that matter more than the third-party tracker decision:
The thing worth checking on any app marketed this way is the network log during a typical session. Third-party tracker SDKs are the easy-to-detect category; first-party telemetry to the app's own backend often does the same job and isn't covered by the marketing claim.