I’m using using a Revanced patched version of RIF is Fun to access Reddit. I have a VPN with ad blockers running. The app doesn’t have location permissions. I am getting ads for my city in it. The odd thing is that before the banning of 3rd party Reddit apps, I never got ads on RIF. I’m not only curious how they’re finding my location, but if anyone is getting paid for these ads since RIF has officially shut down and it’s only usable because of the Revanced patch.
You can leak location data through many was.
Time zone on phone, ip address of your phone, latency of your connection through a VPN (can guess your metro area based on VPN end point and your overall latency), language localization settings (if you have Malay and English then your more likely in Malaysia), advertiser ID, phone ID. If one app has location services (like tinder) and they sell your phones location and phone identifiers to third party services, like advertisement networks, then they know roughly where you are.
If a APP has your phone number, for identity verification, or two factor authentication, they can use data brokers to get your location from cell phone providers… Which is why giving ANYONE your real phone number is dangerous.
Location services are notoriously hard to fully shut down… Can’t let ANY apps see wifi networks, bluetooth networks, GPS, or raw IP information, cellular data.
Even if your doing everything right, ALWAYS on VPN, GrapheneOS, no extra permissions for any apps… it takes just one mistake, to get associated with location… Turned off always on VPN to login to a captive portal, and some app (like tinder) got a few packets through outside the VPN…