In addition, Huawei now blocks sideloading Android apps to promote its ecosystem growth.

Well looks like I’m never going to get a device from this manufacturer then.

Sad to see Mozilla being managed into the ground, betraying their principles and selling their users.

That is not entirely correct. The reported found the app using permissions that are not covered by the manifest. It also found the app being capable to execute arbitrary code send by temu. So it cannot be clearly answered if the app can utilize these permissions or not. Obviously they would not ship such an exploit with the app directly.

I’d second this. The organization behind it (https://calyxinstitute.org/about) is a long established non profit, their portfolio covers various cool projects. The vpn client itself is basically a rebranded version of https://f-droid.org/packages/se.leap.bitmaskclient, it it is nothing special.

The question is not weather Google is tracking or not, the question is if Google is breaking the law doing so.