I'll tells ya!
Not sure if ulstrasonic cross-device tracking is still a thing or not, bit it might have played a part. See slide 29 here: https://www.blackhat.com/docs/eu-16/materials/eu-16-Mavroudis-Talking-Behind-Your-Back-Attacks-And-Countermeasures-Of-Ultrasonic-Cross-Device-Tracking.pdfI can't add any more to this conversation and by the sounds of it @johnny you probably have the opinions of some of the top minds in the field but I do have an example of how your phone can link to larger identification issues.
A few years ago I sat down at my work computer at a large government department, opened my browser and went to YouTube to put some music on while I worked (they have blocked the radio because it took too much bandwidth). YouTube promptly loaded up a mix of all the kids music we were listening to at home. It took YouTube about 1.5 years to locate where I worked but it finally managed it. I wasn't logged into YouTube at home or the work computer but it still worked out that the person listening to music at this location in Canberra just logged on to a reasonably secure computer at this gov department. The best I can establish is through a combination of multiple sources of not secure data (eg wifi signal at work that my phone can see but not use, timing from home to work, some similarities between music played etc) it worked out where I was.
This may not sound like a big deal but the more I thought about it the more I realised if YouTube could put those two locations together and work out who I was then essentially anyone could use my phone to connect me to online activity elsewhere, especially an environment where we don't control the software/apps we can use eg. work.
I'm not sure when that above PDF was made but it must have been a couple of years ago as it's been a couple of years since it was shown that ultrasonic code can be detected by the micro electro-mechanical gyroscopes in any device that measures tri-axis movement (as in when your screen switches from landscape to portrait, or a game measures which way you're holding a devices, etc), and information can be received by your device without consent. Read about it here: https://caslab.csl.yale.edu/publications/matyunin2018zeropermission.pdf The point here being that even if you disable your mic, you're still susceptible to receiving information without consent.