Ad SDKs exploit OS bugs to get location data. These specific ones have since been patched, but historicaly they read ARP tables, EXIF geo tags, and colluded with other apps that legimately had location permissions to get that info. It wouldn't surprise me if there are other live exploits quietly being used today. https://www.usenix.org/conference/usenixsecurity19/presentat...

> We have responsibly disclosed our findings to Google and have received a bug bounty for our work

Caring about your privacy and using an OS by an adtech company is kind of orthogonal…

Unfortunately the only other option is even worse.

That's a very naive look on the situation. There are plenty of websites that can explain how this is just not accurate better than I could attempt to summarize it. If web searching is not your thing, I'd assume a GPT could point you in the right direction

That is not true. https://www.wired.com/story/gravy-location-data-app-leak-rtb...

With absolutely no details - how are these apps surreptitiously getting location data from your GPS without you giving them permission?

If they are using your IP address to track you, a website can do that just as easily.

Here you go: https://www.kroll.com/en/publications/cyber/cti-gravy-analyt... I'm not going to Google any further.

The argument was that apps can surreptitiously gather information from you. The apps in question didn’t get your location data without you specifically allowing it.

Websites can also ask you for your location.

In the comment you replied to I asked

> from your GPS without you giving them permission?