The current link is to the press release for a paper. Link to the paper: <a href="https://www.expressvpn.com/digital-security-lab/investigation-xoth" rel="nofollow">https://www.expressvpn.com/digital-security-lab/investigatio...</a><p>E: The vice article [1] on this paper brings one aspect into focus:<p><pre><code> At least five more Muslim prayer or similar apps worked with data broker X-Mode, which has sold location data to military contractors and by extension U.S. military intelligence, according to multiple technical analyses.
</code></pre>
1: <a href="https://www.vice.com/en/article/epdkze/muslim-apps-location-data-military-xmode" rel="nofollow">https://www.vice.com/en/article/epdkze/muslim-apps-location-...</a>
As always, I would recommend to use an AOSP build without google service integration (like LineageOS builds).<p>I'd also recommend to use AppWarden [1] and the Exodus project [2] to verify for yourself what your Apps do behind the scenes.<p>Regarding an App masquerading as Telegram: Use the Telegram FOSS fork [3] which disables Firebase's trackers.<p>[1] <a href="https://gitlab.com/AuroraOSS/AppWarden" rel="nofollow">https://gitlab.com/AuroraOSS/AppWarden</a><p>[2] <a href="https://exodus-privacy.eu.org/en/" rel="nofollow">https://exodus-privacy.eu.org/en/</a><p>[3] <a href="https://github.com/Telegram-FOSS-Team/Telegram-FOSS" rel="nofollow">https://github.com/Telegram-FOSS-Team/Telegram-FOSS</a>
A good practice is to consult Exodus Privacy before installing your app. If the app is not already analysed, you can start an analysis via the UI.<p><a href="https://exodus-privacy.eu.org/en/" rel="nofollow">https://exodus-privacy.eu.org/en/</a>
I would be interested to know how many of the 450 apps actually needed your location data to do their job. If the app is an exercise app with a map, its a feature that it knows where I am.<p>If it's a messenger app with a feature that can share your location, then its expected that it will have access to the API's.
IMO: if you don't treat your phone like another PC and run postmarketOS (or similar) than you shouldn't use a "smartphone."
Almost everything in the iOS and Android ecosystems is pathologically malicious.
The article seems somewhat absent of information, They list telegram as one of these location tracker apps. I use telegram and it has some features like sending your location to a friend but I'm not aware of it ever just grabbing your location without requesting it. I'm also not sure that ios allows grabbing the location without the app being in use either.