Except that it sounds like this hooked into an app and sent all the info about those Bluetooth devices to the manufacturer, which some data collectors can use process of elimination to isolate you. Normal (privacy-respecting) Bluetooth devices do not pass this info to the service provider and only your phone uses it to pair with the device.
Sounds more like the app presented a standard request for location access, which is required for scanning nearby devices to be able to find and pair the mug with an app.
You are correct that this is normal for the OS. The OS will use this data to determine your location. What is not normal is abusing the Bluetooth permission to send a list of scanned devices to app vendor. They should only be collecting the location, not the raw Bluetooth list. I don’t know what the app is to confirm, but the way they said it, they would be handing all of the local device data along with the standard location permission. This is the extra data that can be used to isolate you more than just a location could.
This is similar to browser fingerprinting, but worse because your phone goes with you everywhere.
One final mention is that the app is likely not collecting that list once, but rather regularly, so they could build a profile on what devices you’re in range of and by extension where you are regularly, even if you chose to disable your location, since they’re using Bluetooth MAC addresses as their workaround.
No one, not even OP, said anything about the info being sent to the vendor. You’re arguing about a point that you pulled completely out of the aether and which has no bearing on anything in this thread.
Except that it sounds like this hooked into an app and sent all the info about those Bluetooth devices to the manufacturer, which some data collectors can use process of elimination to isolate you. Normal (privacy-respecting) Bluetooth devices do not pass this info to the service provider and only your phone uses it to pair with the device.
Sounds more like the app presented a standard request for location access, which is required for scanning nearby devices to be able to find and pair the mug with an app.
E: For the paranoid:
https://developer.android.com/develop/connectivity/bluetooth/bt-permissions
You are correct that this is normal for the OS. The OS will use this data to determine your location. What is not normal is abusing the Bluetooth permission to send a list of scanned devices to app vendor. They should only be collecting the location, not the raw Bluetooth list. I don’t know what the app is to confirm, but the way they said it, they would be handing all of the local device data along with the standard location permission. This is the extra data that can be used to isolate you more than just a location could.
This is similar to browser fingerprinting, but worse because your phone goes with you everywhere.
One final mention is that the app is likely not collecting that list once, but rather regularly, so they could build a profile on what devices you’re in range of and by extension where you are regularly, even if you chose to disable your location, since they’re using Bluetooth MAC addresses as their workaround.
No one, not even OP, said anything about the info being sent to the vendor. You’re arguing about a point that you pulled completely out of the aether and which has no bearing on anything in this thread.
AKA, a straw man