GPStest is supposed to be a simple app that lets you see what the GPS system is doing. The latest “What’s new?” says “Background execution - You can now log on to your device while you do something else!”
This is suspicious. There is no need for GPSTest tor run in background, ever. Did someone put malware into it?
Uninstalled app. Recommend removing it.
The background feature is so that you can have it keep searching for satellites via a foreground service when using other apps.
It is a very useful and welcomed feature.
It isn’t even enabled by default.
That’s a weak excuse for adding a security hole.
And why do you think it is a security hole? Explain.
Least privilege. Any app which adds a new privilege is suspicious. That’s usually what happens when someone takes over an existing app.
Please link the source code for this backdoor you describe or proof of the takeover then.
My point is that any increase in privilege by a working app is suspicious. Especially one that turns on a capability not really needed for core functionality.
I patiently await to see your minimal fork included in F-Droid.