This review from USENIX Enigma 2019 might be interesting for you. They tested over 80,000 of the most popular Android apps to examine what data they access and with whom they share it, how mobile apps are tracking and profiling users, how these practices are often against users' expectations and public disclosures, and how app developers may be violating various privacy regulations.
Some numbers from the presentation
- the "GPS icon" is visible for only 0.04% of actual accesses to location data
- of 42000 apps transmitting personal information, 21000 (50%) don't use TLS and send data unencrypted
- 1,325 apps that don't have location permission, actually obtain street-level location data and transmit it home
Some numbers from the presentation
https://www.usenix.org/conference/enigma2019/presentation/eg...