Im not sure how they specifically bypass the features in other ways but I imagine some of it is from users accepting permissions under the guise of another use. For example, maybe you accept the microphone permission on tik tok to record video. With that permission in theory the app could now use it maliciously. Of course it should all depend on the users choice for that and im not sure beyond the scope of that.
TORfdot0 shared this comment below:
Someone else posted this report in this thread which does a good job of the deceptive practices and API calls the app uses to trick the user into giving permissions up willingly and otherwise collect data it shouldn’t.