Ah, that would make sense. It is indeed a bluetooth connection and it scans for any nearby devices. Thank you for clarifying that, I appreciate it, and I feel a lot better about the app!
Can you tell if that's all it does? I don't know what all geolocation covers in Android terms, but it would certainly be a superset of just scanning for BlueTooth.
I would be curious if it does any or all of:
- Fetching GPS coordinates, which are typically to many decimal places.
- Making API requests to external servers that you don't own.
A tool like MobSF (https://mobsf.github.io) might be very enlightening to understand what a given app does, or at least can do. I've tinkered a bit with an iOS app in it, but not Android so far.
Also, proxying your device through Burp Suite or ZAP could also be interesting to see what traffic occurs, especially if the developers weren't picky about valid TLS certificates.
