This is all a huge mess actually. Android got much better controlling these permissions, including to regularly restrict them for apps not used but still ... I like sharing my location with friends and family and the only tool that really works for that is WhatsApp. But I do not like to share my location with Facebook but even if the messages are (supposedly) end-to-end encrypted, I'm pretty sure the location ends up on servers or ... what do I know? How can I know?

Even if I figure it out, how would that scale? 95% of people couldn't care less if their phone broadcasted their location 24/7. They would get angry for a second and share a rant but then continue accepting it.

Now there you see something about a third party ... this is information that you would not get if the provider of the product wouldn't tell you. I assume that any data leaving my device gets into the wrong hands eventually. If not by standard procedure then it still can get there through hacks or the DB admin selling it. 

 right. you can't choose one or the other. it's all or none. not good. 

 Third party = 3 letter agencies and UN / WEF contact tracing databases so they can lock you down commie style.