Can confirm companies do this. I have helped build custom analytics solutions for android and iOS where apps dump literally anything and everything they can get data of. Product Managers are so inclined to scrape everything. I was surprised few years back when we could get device battery stats, nearby wifi ssids and even connected audio output device, if any.
I’m not implying it’s a creepy component. This component captures some really useful information, depending on your needs. But yeah, simple stuff.
And to back up an earlier comment in this thread, IP address is part of the user agent payload. That’s exceptionally common data to see, through browsers and apps. It doesn’t take a fancy library to capture that info.
I really wanted to be alarmed by this article, but I left with more questions than answers. And I’m guessing Amplitude is bummed by this press. They actually responded to say they don’t share data with 3rd parties, yet their name is peppered throughout the article, with implications that they are sneaky and nefarious.
On topic: your phone has many sensors and apps will use them. The only way to stop this is to literally disable the sensors. No more GPS, no more WiFi/Bluetooth scanning. Obviously this limits the functionality of your phone but it does work.
Later moved on to other roles.