While Android promises to prevent applications from exchanging tracking data directly, this sandbox is brittle and allows apps to share data across apps and the Web. We found HyTrack, a robust new tracking technique for Android. Apps could use it to track you extensively and then sell your data or generate revenue with personalized ads outside your control! HyTrack is independent of standard tracking techniques such as AD IDs or fingerprinting. Trackers can use it to track your application usage across sandbox barriers in multiple apps and websites you use in your default browser. HyTrack abuses a new browser feature called Custom Tabs and Trusted Web Activities. Hytrack is both covert, hiding perfectly in plain sight, and additionally, it is Hydra-like! It is hard to get rid of: If you attempt to delete parts of it on your device, it will regrow. Hytrack will survive re-installations of applications and other deletion attempts. Even getting a new phone will not help you if you don't take precautions. In multiple studies, we measured whether applications in the wild already use HyTrack. We will discuss the mechanisms behind HyTrack, check which browsers and devices are affected (Spoiler: all major Android browsers), and discuss possible mitigations and why defenses are non-trivial. But it is vital to discuss defenses right now, as it looks like we discovered HyTrack before the trackers did. Therefore, we should act now, both individually and as a community!