Mobile apps run on top of the operating system (e.g. Android) and request permission to take certain actions. These permissions are listed in the application's manifest and are approved during installation. They're also listed in each app store listing, so users can see what access an app requests before downloading and installing it.
Now, just because an application requests permission to access, say, your device's GPS coordinates, that doesn't necessarily mean the app is doing anything with that information. You can rest assured, though, that your GPS coordinate information is safe from apps that do not request this permission.
So apps that need GPS permissions are unsafe and those without are safe?
GPS permissions are just an example here, but to build on it, an app can request GPS permissions and still be considered safe. A combination of permissions is typically required to exclude something from the safe list. GPS alone, no problem. But GPS plus Device ID plus Full Network Access allows for tracking, whether that is a feature of the app or not.
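One way to check a decoded, plain-text AndroidManifest.xml for the combination described above. This is an added example, not code from the original page; the mapping of GPS, Device ID and Full Network Access to Android permission constants, the helper names and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the three capabilities named above to Android
# permission constants; the page itself lists no permission names.
CAPABILITIES = {
    "gps": {"android.permission.ACCESS_FINE_LOCATION"},
    "device_id": {"android.permission.READ_PHONE_STATE"},
    "full_network_access": {"android.permission.INTERNET"},
}


def requested_permissions(manifest_xml):
    """Return the permission names declared in a decoded (text) manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names


def capabilities(manifest_xml):
    """Return which of the three capabilities the manifest requests."""
    perms = requested_permissions(manifest_xml)
    return {cap for cap, names in CAPABILITIES.items() if perms & names}


def allows_tracking(manifest_xml):
    """True only when GPS, Device ID and Full Network Access are all requested."""
    return capabilities(manifest_xml) == set(CAPABILITIES)


def build_manifest(*permissions):
    """Build a constructed sample manifest (not taken from a real app)."""
    entries = "".join(
        f'<uses-permission android:name="{p}"/>' for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="com.example.constructed">{entries}</manifest>')


GPS_ONLY = build_manifest("android.permission.ACCESS_FINE_LOCATION")
ALL_THREE = build_manifest("android.permission.ACCESS_FINE_LOCATION",
                           "android.permission.READ_PHONE_STATE",
                           "android.permission.INTERNET")

if __name__ == "__main__":
    for label, xml in (("GPS only", GPS_ONLY), ("all three", ALL_THREE)):
        print(label, sorted(capabilities(xml)), allows_tracking(xml))
```

A match means the app could track a device, not that it does; as noted above, requesting a permission does not show how the app uses it.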