Comparing a small project like that with the vast cyberstalking industry we call advertising today isn't going to yield similar results if the conspiracy theory is true. I can make a full tracker that drains the battery like crazy but that doesn't mean the smartypants who know when women are pregnant weeks before they do themselves can't come up with a system that's more efficient with acceptable data granularity.
Worst case scenario you succeed, and you've built yourself the torment nexus. If you publish your results, you'll have to publish the torment nexus to prove you don't have anything up your sleeve, making the world slightly worse for everyone else now that there's an accessible torment nexus ready to go. If you don't publish your torment nexus, nobody will believe you. Hell, if you succeed, you might've actually invented the thing! At best, the result of your success is knowing for sure you _could_ be spied upon any time, anywhere.
There's probably a much easier method to know for sure: work for advertising companies and learn their secrets.
Good points. Though I there are other options - e.g. build a proof-of-concept in a closed environment, e.g. as an university project, demonstrate it with a small (but still sufficiently large) group of people, so you have witnesses and publish a paper about it.
I know the prevailing wisdom is to always publish your code with a paper, to ensure maximum reproducibility, but this would be a valid case where you DON'T want to make reproducibility easy.
It's essentially the same dilemma that security research already has today: You want active research into vulnerabilities to be able to close them, at the same time you don't want people abusing your research to exploit them.
There is also the point of how feasible such a system would be to deploy on new phones. E.g. if you require a rooted phone and a custom Android image, chances are relatively slim your system will be used in the wild.