"One iPhone app, Pumpkin Maker (a pumpkin-carving game), transmits location to an ad network without asking permission."
That is flat out impossible. I am an iPhone developer; there is no way for an application to obtain user location without the user being prompted if that is OK.
It makes the rest of the conclusions very suspect to me. Just how would an app get age and gender? Again I cannot think of a way that is even possible on an iPhone without being asked; no-where on my iPhone is my birthday or age stored.
Impossible? Anything's possible. http://blogs.wsj.com/digits/2010/12/19/how-one-apps-sees-location-without-asking/