To attend the championship this year, fans must use a digital ticket provided through UEFA’s Ticket application. According to Heise, this app requires access to personal data, including name, email, phone number, and GPS permissions. While app store descriptions note the collection of personal information and activity data for analysis purposes, they omit any mention of location sharing.
What? The Heise article talks about how both apps access location APIs, but UEFA only publicly acknowledges that the second app tracks. The issue here is that the ticket app tracks, but UEFA says it doesn’t. The issue here is that UEFA is lying.
Looking at the permissions on the German Google Play store will obviously show that location is not used by the ticket app, because the entire issue being reported is that location is accessed without the knowledge of the users and without being reported in the app stores. This is why I asked how you checked, you need to check the app with something like Exodus or rev eng it and look at the actual api calls made in the source code.
I feel like I’m taking crazy pills. Do you just not believe that developers could lie, either directly or by omission, about what data their app collects?