Source needed. The amount in the article is staggering compared to what Google claims to collect which is in line with the (admittedly not definitive) DNS query logs I monitor every now and then. Also, much of it (e.g. location) can be disabled and there are Android phones that are entirely free of Google and Facebook.
I do know for a fact that Android contacts querries Google severs to pull data from Google services, like YouTube, to fill in extra contact details on the phone.
Knowing what Google's business is, I doubt they don't merge that data for a more complete profile.
You can try this yourself: Create a YouTube account, upload a picture for the account, don't add details like a phone number.
Now create a contact on Android, add a phone number (as most people do with contacts on their phone) and add the email address you registered the YouTube account, the Android contacts app will pull the profile picture from the YouTube account, and put it on the phone as the picture for the contact.
Gave me quite a little scare when I discovered this by seeing my YouTube profile picture as the contact picture on a (rather privacy and tech-illiterate) friend's Android phone, even tho I never added any phone number to any of my Google accounts, all he did was add my email address to the contact.
Unfortunately I can't easily test this as my phone doesn't have the Google Contacts app and I sync my contacts with a CardDAV server, not my Google account.
As I said elsewhere on this page, Google Play gets an update from your phone every 2 minutes 24/7 with a lot of privacy settings enabled. Turn on a firewall, I think it was disconnect that showed me this
The content of these updates is what is potentially concerning. Considering how much Play Services now handles, regular updates aren't that surprising, and like I said Android ≠ Google so this doesn't apply to all Android phones. The mechanism described in the article sent every visited URL in the browser and opened app or settings menu on the phone to Xiaomi.
