I wanted to know how Duolingo makes money on Android -- ads vs Super subscription, which SDKs they use, and how aggressive the free tier is. So I decompiled Duolingo 6.79.5 (164 MB APK, 11 DEX files, 242 activities).
TL;DR
- IronSource mediation sits at the center -- Unity Ads, Vungle, Moloco, AdMob, Facebook, and Pangle all plug in around it
- Facebook Audience Network ships as a 5 MB hidden DEX in assets (same trick as CamScanner)
- 7+ ad networks for free users; Google Play Billing for Super/Plus (no RevenueCat found)
- Kotlin + Jetpack Compose for the main app; Unity for some game modules (chess, etc.)
-
Staging APIs (
android-api-stage,goals-api-stage-*) are hardcoded in the production build - Adjust + Sentry (+ Firebase) for attribution and crashes
How Duolingo Makes Money
Subscriptions (Super / Plus)
Duolingo uses Google Play Billing directly -- ProxyBillingActivity, PlusPurchaseFlowActivity, strings for gems and family plans. Deep links hit duolingo.com/settings/super.
I did not find RevenueCat or Superwall in the DEX. Subscription logic appears first-party on top of Google's billing library.
Ads (free tier)
Free users hit a mediation-heavy stack:
| Network | Role |
|---|---|
| IronSource | Mediation hub (most SDK surface area) |
| Unity Ads | Mediated demand + game ad units |
| Google AdMob | Google demand, MRAID native templates |
| Facebook AN | Hidden audience_network.dex
|
| Pangle (TikTok) | Rewarded, interstitial, app open |
| Vungle | Video |
| Moloco | Programmatic / MRAID / VAST |
Duolingo-owned ad screens include CustomNativeAdActivity, FullscreenNetworkNativeAdActivity, and PlusPromoVideoActivity -- ads show up at session end and league flows, not random webviews.
The hidden Facebook DEX (again)
assets/audience_network.dex ~5 MB
Meta's SDK is not fully embedded in the main multidex load. It is loaded from assets when needed -- a common pattern to protect cold start on huge apps.
Tech Stack (what they built with)
| Layer | Choice |
|---|---|
| UI | Kotlin + Jetpack Compose (thousands of references) |
| Games |
Unity (UnityActivity, chess promo assets) |
| Network | OkHttp, Retrofit |
| Media | ExoPlayer, Lottie, Rive |
| Attribution | Adjust |
| Crashes |
Sentry (duolingo-sentry.sentry.io) + Firebase |
| Support | Zendesk |
Min SDK 29 -- they have dropped pre-Android 10 devices.
Staging servers in production
Same class of mistake as other big apps:
android-api-stage.duolingo.com-
goals-api-stage.duolingo.com(+ stage-2, stage-3) infra-edge-gateway-stage-cf.duolingo.com
Useful if you are researching API behavior; risky if those hosts expose looser auth.
Duolingo vs CamScanner (quick compare)
I decompiled CamScanner earlier:
| CamScanner | Duolingo | |
|---|---|---|
| Mediation lead | AdMob + PubMatic bidding | IronSource + Unity |
| UI | Native + Flutter | Compose + Unity games |
| Ad networks | 6 | 7+ |
| Hidden Meta DEX | Yes | Yes |
Education apps and utility apps converge on the same playbook: many networks, one mediator, lazy-load Meta.
What I left out of this post
The full report includes 60+ first-party API hosts, complete permission breakdown, schools/DET endpoints, and module-level Activity mapping. This post is the highlights.
I run AppXray -- send any Google Play link, get a full reverse-engineering report (PDF + Markdown) in ~2 hours. $29 for one app, $19/app for batches.
Free samples: CamScanner teardown
Questions about Duolingo's stack? Comment below.