Mobile application (app) developers commonly utilize analytic services to analyze their app users’ behavior to support debugging, service quality, and advertising. Anonymization and aggregation can reduce the sensitivity of behavioral data, and analytic services may encourage the use of these protections, however, developers can misconfigure the analytic services and expose personal information to greater privacy risk. Since people use apps in every aspect of their daily lives, apps may contain a lot of personal information, such as a user’s real-time location, health data, or dating preferences. To study this issue and identify potential privacy risks due to such misconfigurations, we developed a semi-automated approach, Privacy-Aware Analytics Misconfiguration Detector (PAMDroid), which enables the empirical analysis of modern analytic service practices. This paper describes a study of 1,000 top apps using top analytic services using PAMDroid in which we found misconfigurations in 120 apps, among which, 52 apps also cause a violation of either the analytic service providers’ terms of service or the app’s own privacy policy.