@Mikaela dug a bit more and in the linked above PDF references:
 AppCensus Inc. Apps using Side and Covert Channels.
https://appcensus.mobi/usenix2019 , 2019.
which gives me 404, but look around that site (about and tested apps) and blog and see Reardon and Engelman contributing to blog (and papers referenced in the website about) so do imagine the usenix2019 link will either flesh out for the conference in August or they took it down to avoid legal harassments from pissed off exposed app asshats.
good blog post about related, ignoring play store Advertisement ID mandate to not transmit it with any other identifier…
another real good resource is the exodus app and website. I do believe a contributor behind this project is active in matrixlandia that tried to reason with me when I was up at arms over riot-web app being the 3 tracker laden librem1 chat borg-mother (blamed/shirking responsibility by purism guys for trackers in their riot rebranded app)