CAPABILITIES
FEATURES
Every capability that powers an investigation. From the first sweep to the final case file.
01 · SWEEP
CROSS-STORE SWEEP
One operation searches all 11 supported storefronts simultaneously. Queries are derived from the seed app's metadata fingerprint — name variants, icon hashes, keyword co-occurrence — not a flat keyword you supply by hand.
The sweep mirrors the actual distribution pattern of clone operators: multi-store rotation, regional listing variants, localised titles in six language families. Results are deduplicated across stores before triage.
Image-based search is available as an alternative method to keyword search — useful when a clone has renamed but kept the original icon.
STORES QUERIED
02 · SCORE
SIMILARITY SCORING
Every suspect is scored across four independent signal streams, then combined into a single similarity index. The score is a ranked guide to manual review — not a verdict. The analyst decides.
For suspects that clear initial triage, on-demand code comparison produces a structural diff. The output is reproducible and timestamped — the same scan can be rerun under documented conditions, and the underlying signal is exposed for independent review.
SIGNAL STREAMS
03 · CODE
CODE COMPARISON
On-demand only. Triggered by an analyst when a suspect clears the similarity-score threshold. Two pathways, chosen per case.
Structural diff. Decompiled function-level matches, string literal matches, control-flow similarity. Deterministic and reproducible — running the same comparison twice returns the same output.
LLM-assisted analysis. Confidence-scored verdict across Code, Resources / UI, Endpoints / Strings, and Manifest axes, with structured reasoning — strong-evidence items and key-differences. Useful when the structural picture alone doesn't settle the question.
Either output is structured material a solicitor can read and use as input to a takedown request or downstream filing.
STRUCTURAL DIFF SAMPLE
LLM-ASSISTED SAMPLE
04 · MONITOR
SCHEDULED MONITORING + EMAIL ALERTS
Recurring sweeps run on a cadence you set: daily, weekly, or monthly. New suspects that appear since the last sweep are surfaced immediately. Existing suspects are re-scored to detect listing changes.
Alert emails are structured, not narrative. Subject line carries the count. Body carries the suspects, stores, and scores. No opinion, no editorial — the analyst decides what to do next.
Two scheduled job types are available: activation checks (does the tracked app still appear on the store?) and metadata extracts (have any tracked listings changed?).
SWEEP CADENCES
05 · EXPORT
STRUCTURED EXPORT
Today: search results export as a structured CSV — suspects, similarity scores, store, developer, version, and status, with UTC timestamps. Filterable in the UI before export.
Bundled case-file output — artefacts, visual comparisons, code-comparison reports, and a case summary in a single package — is on the roadmap. Today, those artefacts are available individually inside an investigation; tomorrow, they ship together.
Decisions about enforcement and admissibility remain with the client and their counsel.
Bundle composition (coming)
- Case summary
- Per-suspect artefacts (metadata, screenshots, code comparison where run)
- Similarity scores with signal breakdown
- Developer identity signals
- UTC timestamps
06 · HISTORY
METADATA CHANGE TRACKING
Store listings change. Clone operators update titles, swap icons, alter descriptions, push new versions. PhantomTrace captures each metadata extract as an append-only version and surfaces field-level diffs against the previous capture.
That timeline is structured material: when the listing first appeared, what it looked like then, and what changed when. Useful for establishing prior art and supporting takedown timelines.
VERSION TIMELINE
07 · ROADMAP
WHAT'S NEXT
A short list of capabilities in progress. No dates — when they're ready, they're ready.