A new study reveals that thousands of Android apps covertly collect location data using Bluetooth and WiFi beacons, allowing continuous tracking and profiling of users without explicit consent.
Ah yes, the exact reason why Google said giving apps Bluetooth or Wifi access is dangerous and tied it to location for so long
and thats why i finally gave up two years ago and bought a pixel and installed grapheneOS. also i just dont use shitty apps anymore. its a good life
I have been slowly replacing apps with FOSS options installed with Obtainium. I’ve always leaned heavily that way, but now it’s everything, including a switching to self-hosted ntfy for notifications.
I have a few more difficult options left like Tasker and AccuBattery, but soon I’ll be moving to Graphene with a full setup since everything else I used before has already been swapped. And I mean everything, even things like OBD2 scanning and core phone apps.
Did… did people not know this?
I mean, I guess this is a study of how widespread it is, but this shouldn’t be news to anyone.
Apps have been doing this for about a decade, either more precisely determining your location when GPS location is on, by checking it against known stationary wifi and bluetooth things that come into range, or even just guessing your location with GPS off via the same thing.
Most people just blindly give every app every permission it asks for, just like most people don’t read ToS.
You can either deny unnecessary permissions for each app, or just have wifi/location/bluetooth off if you’re not actually using them, and/or keep reseting your ‘advertising id’… or just run in airplane mode as a kind of ‘do not disturb’ mode.
Of course… if apps are actually circumventing those above methods of mitigation, permissions management etc, … well then they are malware.
Apparently 19% of the apps use methods that are so explicit that they probably violate the Google Play Store’s TOS, but 86% of them use methods that are basically allowed.
EDIT: Err, 86 - 19 = 67% use ‘allowed’ methods, a total of 86% use any method from their closed source, built in SDKs.
All malware imo, hooray for closed source proprietary software (the sdks built into the apps are closed source), you can totally trust them lol.
You need to remember how Tech illiterate the vast majority of the market is. If someone gets a pop-up asking for an app to have permission that they aren’t even going to read it so they’re going to look for the allow buttons that they can continue trying to use their app.
They don’t know or care what’s happening and trying to explain it to them generally makes them tune out, no amount of more detailed permission message or anything is going to change that for anyone except people of higher Tech literacy which is the majority of what you’re going to find here on lemmy
AFAIK you have to give the app location access for it to be able to scan sourrounding networks and see the SSIDs (At least that’s how it works on the newer Android versions circa around Android 10 or 9). For bluetooth you have to enable at least the nearby devices permission. If you do these things then it makes sense that the app can track your location.
And Android specifically requests this permission as location sharing so that it is clear that if you give the app permission to scan Bluetooth and WiFi networks it will know your location.
Google have always tracked you using wifi, their street views cars have been collecting and geotagging wifi signals for decades now. Hooray for them doing the bare minimum when someone else tries to I guess.
F-droid or bust
