dln949 To the charge of not having read those posts: Not guilty.
But, to the charge of not adequately comprehending what they fully meant and all the implications, I am definitely guilty!
Haha, no problem mate. Now that I understand where you are coming from let me explain differently.
dln949 But, how does one know if an app is privacy respecting?)
dln949 So if what Exodus Privacy is trying to tell me about trusting apps isn't useful or reliable, what am I supposed to do, what can guide me?
It is in fact all about knowing each app's behaviour and privacy/data-handling practices individually. And unfortunately this takes some researching for each app on privacy forums and such, which takes time. So you have to learn about each app. But you will get efficient at this over time to the point that you'll figure it in minutes sometimes with basic searching. Others will help you as well.
.
Explanation
Apps can not see into each other's data and files (android sandboxing feature). They can only see files they create and files they are given access to by you, unless if that data is willingly shared by that app with other apps or servers.
Inter Process Communication (IPC) is a feature that allows apps on the same profile to send data to each other (that you cant observe or stop). However both apps must be pre-programmed to "listen for" each other's messages. For example instagram will likely talk to and share data with whatsapp directly on your device. Similarly, google contacts can talk to gmail app, or the maps app, or google camera app etc. But neither will be talking to gos-camera app, because the gos-camera app is not designed to send any hidden data to them. They don't have to be from same company. They can talk as long as they have been designed to talk. Therefore, Uber could talk to gmaps, or with you phone app, or with play store, or even whatsapp.
Privacy respecting apps (ones that are not gathering data on you or about your system and uploading and building profiles) generally can be installed next to each other and next to "bad" apps, and this is ok. This is because they are not sharing any data with the bad apps. So you can install pretty much anywhere without much worry.
Its the non-privacy respecting apps (ones that gather hard data about your device, or your behaviour, and collude/share data with other apps and servers, either through IPC or through internet connection) that one has to worry about. Lets call them "bad" apps for convenience.
Bad apps are two types. Ones that don't have any identity data (email, phone number, name, credit card info), and ones that do.
Spotify, uber, whatsapp, amazon, audible, etc are examples of apps that know your identity (because they have one of your id data mentioned above).
Google maps is a bad app which normally has no identity data and can be used anonymously as long as it doesn't see you IP, your google account, and your home/work address. It will see your movement and searches but can't so far get a hold on who it is exactly, not yet! Youtube app, contacts/phone/sms apps (referring to bad ones) are other examples.
However if you now mix these bad "identity apps" with bad "non identity apps" on the same profile, then the ones that didn't know who you were can now potentially "get that info" from those identity apps because of IPC or server shared data. These apps can also know that they are on the same profile through various other means. At the moment apps can also check to see if they are on the same phone because of the MediaDRM ID exploit. Likewise all information that was tracked about your movements in gmaps and videos you watched on youtube, music you listened on Pandora, can now get associated with your identity as well. So now "somebody" knows your movements, your video history, spotify music you listened to, Pandora music history, books you read, shit your shopped, calls you made, contact list, etc.
Just to be clear i strongly advice to not install gmaps or youtube app on your system at the moment due to the mediaDRM ID problem right now. Use them in browser.
So its very important to understand what apps to mix with what other apps and what "identity data" each has, in order to control what gets associated with what.
Blocking the internet on some apps solves the data sharing problem for them (if can be used offline) as long as they don't leak any important data through IPC to other apps that do have internet.
Different bad apps have different identity data on you. Sometimes having one or two ID info pieces is not enough to pinpoint you. But if you then mix apps that have different data points, if they collude then both get more data points and can start to single you out.
The point is you can use some bad apps with a combination of vpn, profiles, and internet blocking. But you need to be mindful of which "data point" each has and whether combining them causes unwanted cross-data exposure.
I hope this has finally cleared things up.
In your case ask us about specific scenarios and specific apps and we'll tell you.
Mod note: (other8026) edited a small part of this post at @User2288's request.