Is there a virtualization app/service that can sit between the OS and an app that allows me to see or restrict what an application actually sees? For example I may allow it to see my public contacts rather than all contacts. Or, I may provide it with a location once rather than whenever they request it.
Some google searches for old custom roms for Android would help. I recall stuff like this in non-commercial 2.0-series android custom roms.
For a very specific example of the genre, pdroid and its numerous clones (some of which were trojans as I recall) from around 2011 seems to almost perfectly match your request.
You know you're in deep when you have to root your phone, install a custom rom, then patch the custom rom, just to limit how much you're getting spied upon.
