Even when you tell an android app, “No, you don’t have permission to track my phone” you think you are actually stopping it from tracking your phone. You expect that by denying permission you can disable its abilities. However, researchers have something else to say on this matter. According to them, thousands of Android apps have found out ways to cheat android’s permission system, phoning home your device’s unique identifier and enough data to reveal tell your location as well.
Even when you deny permission to an app when it asks to see those personal data on your device, it may not be enough to stop it. A second app which you have given permission can make those buts available to the other app. it can even leave the bits in shared storage where another app even a malicious one can access your data. This may happen even when the two are not related to each other. According to researchers:
“Since both the apps are developed using the same software development kit, they can very access the data stored on your device.”
Also, there is clear evidence that SDK owners are receiving these data.
Based on a study presented at PrivacyCon 2021, an app from Disney and Samsung have been downloaded hundreds of millions of times by people all across the world. these apps are made using SDKs which is developed by Chinese search giant Baidu and an analytics firm called Salmonads that could pass your data from one app to another and even to their servers by storing it locally on your device first. Researchers have also found that some of these apps using the Baidu SDK can attempt to quietly obtain this data for their own use.
According to a study, a photo app called Shutterfly is actually capable of sending GPS coordinates back to its servers even without getting permission. Thus, this app can very well track your location. Similarly, there are thousands of other apps that can do the same. They harvest the data stored on your device and send it back to their servers.