Experts from the International Institute of Computer Technology (IICT) scanned 88,000 Android applications and discovered that "thousands" of them track users without permission.
Furthermore, about 1,500 apps collect data about subscribers and user's device, even if the access to the personal information was denied. For example, you've refused to define your location, but the app can obtain your position from other services you wouldn't even know.
It happens because the majority of apps have similar working structure and set of tools. Certainly, they can also have the same developer and share data.
The apps which were caught in identity theft were based on Chinese software developers Baidu and Salmonads. Besides, Wi-Fi data or tags from photos can be used to pinpoint the user's current spot on the map.
In fact, this is the direct infringement of the privacy confines what made experts appealed to Google in September 2018. The company promised to go deeply into the problem and fix vulnerabilities yet after the latest Android Q updates.