The aforementioned Kaspersky blog post puts a heavy focus on the degree to which Google and OEMs collect the various unique identifiers that tie you to a specific handset. Most people probably wouldn’t mind data being collected that’s largely uniform across a specific model smartphone and can be used to troubleshoot problem apps, like basic hardware, firmware, and operating system specs, as well as related matters like battery drain. You want developers to be able to troubleshoot problem apps, after all. But unique identifiers are a different story.
The university study found that Android phones generally transmit the phone’s Google Advertising ID (which can be changed but generally isn’t by the vast majority of users), the device serial number, the radio module’s IMEI code, and the SIM card number. The serial and IMEI number being among the data collected means that you could change your phone number, factory reset the phone, and/or even install a custom Android ROM on it, but it could still theoretically be tied to you.