I'm not a CS graduate. I didn't go to a bootcamp.
Two years ago I was working in a factory.
Today I have an Android app on the Play Store with 2,000+ installs,
4.6 stars, and users in 5 languages.
Here's what actually moved the needle:
What didn't work
- Product Hunt launch → 1 upvote (the community needs warming up weeks before — I didn't know that)
- Google Ads → too expensive without clear conversion data
- Reddit → got removed from subreddits for "quality reasons" even with genuine content
What did work
- Posting real scan findings of apps like Binance, PayPal, WhatsApp — people care when it's data they recognize
- One post hit 7K+ views and users started mentioning AppXpose in comments organically — without me asking
- Adding Spanish support after noticing Spanish-speaking users downloading — small move, big signal
The app
AppXpose scans Android apps for hidden trackers, risky permissions, GDPR flags, and generates a Breach Risk Score. No other app combines all four in plain English for regular users.
Current status
- 2,000+ installs, 31 reviews, 4.6 stars
- Free tier: 5 scans/week
- Pro Lifetime: €4.49
- GUARD subscription with breach alerts: €39.99/year
Still figuring a lot out. Happy to answer questions about Android development, ASO, or bootstrapping solo.
Top comments (4)
Please send some technical details on how you're doing this.
Mythos can already do it
sure, here's how it works technically:
On-device: we scan the DEX bytecode directly, matching class path prefixes against ~140 tracker signatures (~80 from Exodus Privacy + ~60 from our own research, this number is growing day by day). No network call needed for the initial detection.
Backend: the APK hash gets checked against MalwareBazaar. Signing certificate gets stored and compared via a TOFU model - same package ID but different cert = flagged as likely repackaged. Permissions are scored against 45 Play Store category norms, so a flashlight app with location + contacts access scores very differently than a maps app with the same permissions.
Risk score is two-phase: deterministic pre-score first, then Claude Haiku generates the plain-language breakdown. Thresholds are 0-29 LOW, 30-59 MEDIUM, 60-79 HIGH, 80-100 CRITICAL.
We also run a community discovery pipeline - when 3+ distinct apps contain the same unknown class prefix, it gets auto-confirmed as a new tracker and synced to all devices daily without an app update.
Not familiar with Mythos - what are they doing differently?
also if you wanna go in full detail you can read everything up on here: appxpose.app/how-it-works
Happy to answer more questions
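The TOFU signing-certificate check described in the reply above, as an added sketch that is not AppXpose's code. The store layout, the verdict names and the use of SHA-256 over the DER certificate as the fingerprint are assumptions, and the package ID and certificate bytes are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass, field


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the DER-encoded signing certificate (assumed fingerprint)."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class TofuCertStore:
    # package ID -> frozenset of signer fingerprints pinned on first sight
    pins: dict = field(default_factory=dict)

    def check(self, package_id, signer_certs):
        if not signer_certs:
            # Never pin an empty signer set: it would match any later unsigned sample.
            return "unsigned"
        seen = frozenset(cert_fingerprint(c) for c in signer_certs)
        pinned = self.pins.get(package_id)
        if pinned is None:
            self.pins[package_id] = seen  # first use: trust and remember
            return "first_seen"
        if seen == pinned:
            return "match"
        # Same package ID, different signer set. The pin is NOT overwritten,
        # otherwise one repackaged sample would become the trusted baseline.
        return "likely_repackaged"


def demo():
    # Constructed placeholder inputs, not real certificates or a real app.
    original = b"constructed-cert-original"
    other = b"constructed-cert-other"
    pkg = "com.example.flashlight"
    store = TofuCertStore()
    return [
        store.check(pkg, [original]),  # first sighting pins the cert
        store.check(pkg, [original]),  # same cert again
        store.check(pkg, [other]),     # same package ID, different cert
        store.check(pkg, [original]),  # pin survived the mismatch
        store.check(pkg, []),          # no signer certificates at all
    ]


if __name__ == "__main__":
    print(demo())
```

A mismatch only means "likely repackaged": a publisher that legitimately rotates its signing key produces the same verdict, so the pin should be replaced only after review.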
Hey mate. Great to see how you're going and building this. Rooting for you.
thanks bro - glad you found your way into here (: