The phone then reports this seller's ID to some central server. Does it also report geolocation data?
FYI, Google product teams have to develop privacy design docs for all new products, and the designs have to be reviewed by the privacy team (or their delegates) and pass the privacy review before they can be launched. Although Google set these processes up before the FTC settlement, I believe they became part of the consent decree and are now mandated by the FTC and validated in regular audits, so Google can't skip or violate them without potentially-significant consequences.
Disclaimer: I'm not a Google spokesperson and this is not an official statement. It is my personal perspective on the process and requirements. However, I'm a Google engineer who's been involved in launching privacy-sensitive products, so I think my perspective is accurate. I also do security reviews of Google projects, which sometimes touches on privacy issues (though privacy review is separate from security review, as it should be).
[*] Just to head off a likely riposte: No, StreetView Wifi collection and the Safari do-not-track workaround are not counterexamples. They predated the privacy review processes and, as I understand it, were part of the motivation for establishing the processes.