[proactivesvcs]

And Microsoft Appcenter Analytics: https://reports.exodus-privacy.eu.org/en/reports/uk.nhs.nhsx...

[erinaceousjones]

Which they're using to track a couple of events, i.e. when the app fails to register with the API: https://github.com/nhsx/COVID-19-app-Android-BETA/blob/maste...

(Though that analytics platform itself does do device fingerprinting, inasmuch as detecting phone model, OS version etc -- I assume no individually identifying stuff like IMEIs, but who knows what a bad actor can do with sufficient entropy?)