Some mobile apps like Facebook perform an “ARP protocol”, which is an unnecessary & invasive sniffing tool that obtains your unique MAC address. I mentioned this & someone brought up Spotify. I was surprised to hear about their experience (quoted below) with Spotify. Has anyone else experienced this or known about this?

"I would’ve thought that apps would not be able to perform ARP as it would require a raw socket which is typically reserved for root, but at some point I concluded that Spotify was bypassing my Mullvad VPN which had local network sharing disabled. I don’t know how this was happening, but I think it would be a similar situation.

Pretty sure I was able to control Spotify on one phone from another phone. Either Mullvad wasn’t properly disabling local network access or Spotify was bypassing it."

It’s not a “sniffing tool”; all network devices must know the MAC addresses of nearby devices in case they want to route packets there. This is a part of TCP/IP; without it, you don’t have a network.

You cannot access /proc/net/arp with a file handle as this post suggests on Android 10+, and ip neigh show won’t work on devices newer than Android 11 (SDK 30 and above). Accessing the ARP cache through Google’s APIs isn’t possible, as there is no permission that grants that.

Facebook was never a private app, and you should assume there is no way to use it privately; it has more than enough to fingerprint your device.

Thank you!