The list applies to Android apps but many work on iPhone, too. If you’re online, or using a specific app, you’re being tracked.
Rob Pegoraro on Serge Egelman’s team that tracked down such offenses:
Google paid his team a bug bounty for disclosing these vulnerabilities and promised fixes for them in the upcoming Android Q release. He called that not good enough
The vast majority of Android users have older devices and won’t be getting over-the-air updates that patch this vulnerability.