These sorts of tracking SDKs are endemic in apps; it's impossible to give, say, a delivery app your location permission without also giving it to all of the advertiser/analytics SDKs embedded in that app. The app developer may not even be fully aware of the data the embedded SDK collects. Some are distributed (to app developers) as compiled binaries.
Any app with a facebook login button, for example, is transmitting some of your activity data (with coarse geolocation from your IP) to facebook, even if you don't use the facebook login button.
Google and Apple could ban this sort of stealth location tracking (via the widespread practice of ad company SDK embedding) in the mobile app stores, but they don't.
The real villain in this story is CBP, not sure why the focus is on the IRS. The IRS is investigating fraudulent taxes, whereas the CBP is documented raping, torturing, sterilizing both citizens and asylum-seekers, and separating children at the border.
Any app with a facebook login button, for example, is transmitting some of your activity data (with coarse geolocation from your IP) to facebook, even if you don't use the facebook login button.
Google and Apple could ban this sort of stealth location tracking (via the widespread practice of ad company SDK embedding) in the mobile app stores, but they don't.