According to the researchers, many applications can now spoof Android’s privilege system, call your device’s unique identifier and enough data to be able to reveal your location.
When an application asks for access to your personal information, simply selecting “No” may not be enough to stop it. Another application you are allowed to access can share this information with another application, or it can add your information to the shared storage system, and other applications (and possibly even malicious applications) can view it.
These applications are built using the same software development kit (SDK) and can share data even if they don’t seem to be linked to each other. There is also evidence that the SDK owner is able to view the information.