Disclosure: am a dev working in the MCN business.<p>The "private data" the app collected, is used, for most part, fingerprint the unique user.<p>In every MCN app, there was a huge fake user problem. If an app collect zero identifiable fingerprint, then a spammer can easily fake millions of views and manipulate ranked content. The app developers are asked think clever to collect every piece of info they can, while spammers spent night and days spoof every parameter in a virtual machine or even on a matrix of remote controlled real phones.<p>For example, if a iPhone 11 user logs in, but only with screen resolution of 320x240, is it legit? I have caught tens of thousands of fake users with simple checks like this. However the tricks expires pretty quickly, you have to move on with new feature checks, together with decision trees and bayesian networks.<p>Some of the fingerprint collecting SDKs are even using native code to check some ARM specific instructions to tell if the device is fake or not. The parameters check had to be done in every important API calls, or spammers can easily pretend be good citizen during parameter checking process and swap the session to a cheaper VM/phone or spam the targeted API with scripts.<p>Chinese companies all have their own team dealing with frauds or spamming on daily basis, the same way as everything can be faked in China.<p>Think cyber attacks from Chinese IPs are bad? Now imagine doing business in China and all users of your product are bots, what methods do you have to filter out the real human users? Good luck.<p>Many ads network SDKs are collecting user data in the same way. Otherwise it's easy to spoof fake clicks and page views.<p>I not stating if it's the right or wrong thing to do, I am just saying it's how things are done in current state of business.