Get information from the Wi-Fi network and the IP address of the terminal
Although the user does not realize, the applications have several processes in which they communicate and, continuously, the devices themselves share information with the apps that are installed on the smartphone.
This information refers to the WiFi network to which you are connected, the unique physical address of the access point to which the telephone is connected (BSSID), the IP address of the device, information of the DNS servers and the physical and unique address of the device (MAC).
Data that is normally shared for a positive purpose, but if a malicious application is installed on your mobile, you can ‘listen’ to these communications, which will give you access to specific information on your phone, related to the Wi-Fi network or the location of your same. You can even geolocate the user using BSSID databases, as explained by the Nightwatch Cybersecurity consultancy on his blog.
The MAC address is a code of its own that can not be changed, so when you get it, you discover where a specific device is located. As of Android 6 this information is no longer visible through the Application Programming Interface (API), although through interprocesses listening it is possible to access this data.
However, Google has corrected this vulnerability in Android 9 Pie, so it urges users to update to the latest version of Android, which is about to reach the devices.