More than 1,300 Android apps are collecting users’ precise geolocation data and phone identifiers even when they’ve explicitly denied the required permissions. Researchers found 13 apps with more than 17 million installations that are accessing phone’s IMEI, a persistent phone identifier, stored unprotected on a phone’s SD card by other apps. Android Q update will address the issues by hiding location data in photos from third-party apps as well as making it mandatory for apps that access Wi-Fi to have permission to access location data.
Source: https://thehackernews.com/2019/07/android-permission-bypass.html