The Android OS broadcasts "system messages" which can be received by any client application which requests them -- without any user permission oversight. These broadcasts expose potentially privacy sensitive information about the user’s device and location to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the device's MAC address. Some of this information, such as MAC addresses, is no longer available via APIs since Android 6 (Android P is #9), and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information... thus bypassing all permission checks and existing mitigations.
Full episode at twit.tv/sn679
You can find more about TWiT and subscribe to our full shows at https://twit.tv/shows/