The Wall Street Journal has published a post about a company called Anomaly Six LLC, that develop an SDK used by "more than 500 mobile applications".
Through that SDK, the company collects location data from users, which it then sells :
Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients.
Anomaly Six was founded by defense-contracting veterans who worked closely with government agencies for most of their careers and built a company to cater in part to national-security agencies, according to court records and interviews.
How to reduce location tracking risks?
Amazingly, comes to our aid the NSA!
The U.S. National Security Agency (NSA) has published guidance on how to expose as little location information as possible while using mobile and IoT devices, social media, and mobile apps.
As the agency explains :
Location data can be extremely valuable and must be protected. It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.