Not exactly related but on the topic of finding target's location, A few years ago i used to run a little demo of capturing probe wifi ssid network on prefered network list of nearby devices and used <a href="https://wigle.net/" rel="nofollow">https://wigle.net/</a> to identify places that people has visited... it was eye opening for some people in the audience for sure.
I have something similar:<p><a href="https://appgoblin.info" rel="nofollow">https://appgoblin.info</a> which let's you see trackers installed on mobile apps and an Android app that lets you see those on your phone.<p>I'm working on automating a flow similar to the OPs but with an emulator so it can run on a server, but it's pretty difficult.<p>If anyone has advice I'd love to hear it. My biggest problem is how finnicky getting the rooted emulator plus apps is.<p>My current flow for mitm and waydroid is here:
<a href="https://github.com/ddxv/mobile-network-traffic">https://github.com/ddxv/mobile-network-traffic</a><p>Hope anyone has some advice!<p>Edit: just want to mention that the OPs flow is definitely better for capturing real data and endpoints, but I didn't see how I could automate it?
I know this topics comes up ever so often here, but this is really amazing demo. A reminder that on Android you can use tools like XPL-EX (previously XprivacyLua) to heavily block such calls and libraries, or something simpler even like something like [App Manager](<a href="https://muntashirakon.github.io/AppManager/" rel="nofollow">https://muntashirakon.github.io/AppManager/</a>).
We all kind of know this is true, but it’s always really eyeopening to see to what extent these companies know everything about us.<p>Even worse is, I think, that somehow they are allowed to sell all the data and that you can basically buy data about everybody easily online[1]<p>[1]: <a href="https://media.ccc.de/v/38c3-databroker-files-wie-uns-apps-und-datenhndler-der-massenberwachung-ausliefern" rel="nofollow">https://media.ccc.de/v/38c3-databroker-files-wie-uns-apps-un...</a>