I'm sure that app developers who want to sell user data because it is big business will find a way to do so, yes.

Phones for the vast majority of people are a black box. Most of the users have no idea how their apps work or what data is going where and they don't know how to check. People who work in cyber security, or the tech field (engineers, coders, developers etc) who's jobs revolve around this type of thing know how to check and generally take steps to avoid apps and services that siphon up this kind of user data.

I know little to nothing about the Linux phone. I haven't tried it. I haven't delved into what it can do and why it's "not ready for prime time".

So all I can do is extrapolate from what we already know which is, these apps request permissions that a lot of people give them without thinking about it. People do this on windows and Mac too. Humans and their lack of understanding/preference for convenience are the main problem. That and there's no regulations that hold these app devs accountable.

These apps aren't breaking the TOS of the Apps stores they're on.

My hope is that a lot of the Linux phone apps will be FOSS. That way the code can be independently audited. That would be better than the alternative.