I was just browsing though the Android Developer Docs, when I stumbled upon this sentence in the “Toggles section”: ( [source | developer.android.com]

On supported devices that run Android 12 or higher, users can enable and disable camera and microphone access for all apps on the device by pressing a single toggle option. Users can access the toggleable options from Quick Settings, as shown in figure 3, or from the Privacy screen in system settings.
When the user turns off microphone access, your app receives silent audio. Additionally, motion sensors are rate-limited, regardless of whether you declare the HIGH_SAMPLING_RATE_SENSORS permission.

And HIGH_SAMPLING_RATE_SENSORS has protection level normal, which means it’s an install time permission! You never click Accept!

I do not inspect the manifest of each app I install. But I’m 100% sure that the Mi Fitness app (which does not function if it can detect that I turned of the internet on purpose) uses this loophole to access the microphone.

Am I missing something? I’m failing to see how it says that HIGH_SAMPLING_RATE_SENSORS is a perm that allows microphone access. To me, I read it as “if microphone access toggle is off, then motion (gps, accelerometer, etc {i.e.
not microphone}) sensors will also be rate limited, doesn’t matter if you use HIGH_SAMPLING_RATE_SENSORS perm or not”. Seems to me to be talking about things very different from microphones. Maybe I’m dumb idk

Chess:

I’m failing to see how it says that HIGH_SAMPLING_RATE_SENSORS is a perm that allows microphone access.

You’re correct, the permission doesn’t give access to the microphone. The quote from the Developer Docs simply states that when the user toggles off the microphone system wide (using the quick menu toggle or in settings), apps cannot access the mic and the sample rate of other sensors (gps, accelerometer, ect.) are reduced, making their information less precise.

unknownghost:

But I’m 100% sure that the Mi Fitness app (which does not function if it can detect that I turned of the internet on purpose) uses this loophole to access the microphone.

It’s likely that the Mi Fitness app requires internet access to function. If I’m reading your post correctly, when you turn off your mobile data and Wi-Fi, the app detects that and refuses to function. However, if you don’t do that and are just offline normally, it does work?

If that is the case, I would recommend using NetGuard, an open-source local firewall. It’s an available on either F-Driod or the Playstore . In actuality, it would be better to completely ditch the app and replace it with a FOSS fitness tracker, which there are a plethora of.

Techlore is educating people about digital rights, privacy, security, and more to push the world towards a safer internet. The Techlore Discussions forum is a home for reasonable privacy and security discussions.