This is not a mistake by Exodus, but this is a false alarm – there are no privacy implications.
Auth v4.2.4 introduced a dependency on the scan | Flutter package that indirectly depends on HMS to scan QR codes from your local gallery. We were aware of the indirect dependency, and the feature was blocked behind a feature-flag and never made available to the public.
Any calls to HMS servers for instrumentation happens when the feature is used, and since the feature is not available to public, there is no data leakage.
The dependency will be removed in the next update.
Related thread on Ente’s Discord.