So why isn't there a court proceeding against Qualcomm regarding a huge breach of the GDPR already? Why don't they have to fix every baseband firmware which does this kind of privacy breach? It shouldn't be allowed to receive or even store things like the device serial # or the list of apps installed, nor associate this kind of data with an IP address. And in fact it isn't, the user doesn't expect this necessarily, and therefore they should be required to pay huge fines *and* fix every device (even those which run a custom ROM).