The situation has gotten better over time as the OS manufacturers have locked down permissions and made background operations more visible. But many privacy leaks have been only recently fixed or remain unfixed—for instance, it was only in 2021 that Android removed the ability for apps to collect the full list of installed apps. And there have been some real stinkers in the past, like when Facebook used its app to modify people’s contacts lists to make @facebook.com email addresses the primary. Companies that make money from aggregating data will always be on the cutting edge of these techniques compared to ordinary people. The app that’s not installed leaks no data at all, and I don’t blame anyone for avoiding apps that aren’t absolutely necessary.