If not Legal then it is at least Immoral
First of all I accept that, for purposes of troubleshooting, certain historical datasets are needed. For instance an LG handset with a slider keyboard counts the number of slide operations.
Likewise collecting the last 30-50 cell sites or a similar number of WiFi transmissions (1) If used by the handset in question; (2) Used within the past 7 days; and (3) accessible only to a 'local' service need (i.e. a technician troubleshooting the handset) is OK.
However, TRANSMISSION of this data is wrong and IMMORAL. This involves, usually without INFORMED user consent, the collection of geolocation data (otherwise for what use would it be) and an IDENTIFIER (no identifier reduces the use of the data) and THEFT OF TELECOMMUNICATIONS.
Apple has admitted it has collected data for up to about a year. What use can this aged data be used for?
I do not accept for a minute that it was an oversight. Any software author knows damn well how difficult it can be to get an authorised service to function properly. This infers that a great deal of effort went into this data collection. What triggered a collection and what triggered a transmission?
Then let's consider the transmission. Handsets and cell sites have strict protocols and even if such protocols were successfully navigated, how was the mass transmission of this data 'ignored' by Apple. Stray strings of data, in my experience, almost always result in a Request for Retransmission/NAK and almost always GUARANTEED to trigger an alarm.
This implies either Apple has sloppy server software that ignores certain transmitted data - which requires programming or they are lying - again.
Apple has had sufficient problems with Lemon 4 software for it to have checked, and cross-checked, almost every line of code used in the handset if only to save 'face' in the case yet more weaknesses are exposed.
It is common to find notable 'remarks' in software code but the comments are short whereas Apples data collection code would be far lengthier.
I personally would have less concerns with data collection if (1) Apple and Google, etc. were up front about it; (2) if users had control over transmissions; (3) if users were compensated for transmission time.
No one needs to know a users location unless a handset has gone 'rogue' and cellco's already have plenty of ways to minimise interference since almost all handset operations are subject to their control.
Authorised entities can already interrogate a handset's GPS function without the knowledge of a user so why is it necessary for a MANUFACTURER to know where it's products are?
Since Apple et al cannot be trusted to practice proper privacy it is incumbent upon legislators to put in place the necessary laws, with large financial penalties, to ensure compliance.