For years, Apple and Google have allowed companies to bury surveillance features inside the apps offered in their app stores. And both companies conduct their own beacon surveillance through iOS and Android.
-- Michael Kwet, New York Times
I'd like to think that life-long WordPress users are a bit ahead-of-the-game, here, since we have been dealing with suspect apps (Plugins in WordPress-speak) for so long. To be fair, security problems are rarely intentional, but that is why installing any Plugin in WordPress or app on a phone is so dangerous. It is very difficult to perform effective edge testing on these apps, without expertise in the underlying system (WordPress core, Android or iOS).