The Apps ask for your permission, but they don’t tell you what they will do.
Researchers have found that dozens, if not hundreds, of iPhone applications exceed the credentials they ask of the user. These apps are actually selling the information they collect to third parties.
How is this taking place? According to the researchers, the third-party companies give the developers the pre-packaged code to insert into the application. With this code, the information gleaned is delivered directly to the third party. The application will request permissions, that is seemingly legitimate for the application, but the apps then go above and beyond in terms of how that information is being used. Information collected by these apps include Bluetooth LE beacon data, GPS longitude and latitude, Wi-Fi SSID (Network Name) and BSSID (Network MAC Address). Some even collect accelerometer information, advertising identifier, battery charge percentage and status, cellular network, GPS information, and timestamps for departure and arrival to a location. While the apps ask for permissions which allow for this collection, there is nothing informing the user that the information is being collected and sent to third parties. This is very troubling.
Apps rarely ask for more information about users such as exact location of height, battery status, and more. In the publication of the study, it is possible to find the applications and third-party companies that the researchers have discovered doing this activity. Some high profile applications such as Tapatalk for iOS can be found as a vendor engaging in these activities. You can see a full list of the applications which the researchers have discovered here, although this is by no means saying these are the only applications utilizing these methods.