Android phones can be identified and tracked in several ways without the user's consent or knowledge. Malicious apps can extract identifiers like IMEI and IMSI and send this data to attackers. They can also secretly record audio through the microphone and transmit the recordings remotely. Demonstration malware showed how it could retrieve phone identifiers over a network and record then send audio to a command server. Users are advised to carefully review permission requests from apps and avoid installing untrusted programs.