Over the past several days, a number of apps that share location data with third-parties have been removed. Upon removal, Apple has notified developers of their violations of two different sections of the App Store Review Guidelines.
Section 5.1.1 and 5.1.2 of the guidelines prohibit developers from trying to identify anonymous users from aggregate data and disallows sharing personal data without obtaining explicit consent. All collected data may only be used for "improving the user experience or software/hardware performance" related to app functions or for purposes of advertising.
Developers have been largely quiet about the matter for fear of reputations being ruined over how customer data is being handled. However, some have shared their notices and acknowledgement of Apple's crackdown on the sale of location data.
Apple's terms also completely disallow any targeted advertising based on HomeKit API or facial recognition tools. Data related to health, fitness, and medical applications also cannot be shared. Whether or not developers fully abide by these practices is up to Apple to enforce.
Due to the shear size of the App Store with more than 2.2 million apps and over $70 billion in revenue since its inception, identifying apps with malicious intent is undoubtedly difficult. Google has also faced similar issues of apps performing undesirable tracking of users, including apps targeted towards children.
At this time, Apple has not disclosed how many apps have been removed or specific developers that have been notified of policy violations.