A lot of them don't know they're doing it. The tracking itself is embedded in dependencies of dependencies. SDKs you add for legitimate purposes. Along the way it's sent from platform to platform. Analytics, add targets, and eventually data brokers. Data brokers then sell it to other data brokers or the government.
If you're lucky, it's pseudo-anonymous. Of course it's actually not - aggregated location data is inherently not anonymous.
Yes. The french newspaper Le Monde recently did a piece on how easy it was to find every moves and the home adress of sensitive people (elite special forces, nucleat submarine engineers, president bodyguards, etc) by exploiting the free sample of a data broker.
They were stunned to see lemonde's app appeared as sources inside that excel file because of SDKs in their app.