I think the solution should lie with Apple as well since it's higher up the stream. Otherwise you'd need to have every app do this check - seems more efficient for Apple to just handle it.
I agree that Apple should do this. Malicious developers will exploit what they can. But this is just silly:
> Otherwise you'd need to have every app do this check
Do what check? When you ask for location data, all you have to do is say "you won't give me that? Okay." This app seems to have asked for location data, but instead said "you won't give me that? I'll go out of my way to get it anyway." There is no need for an explicit check. It is less work to do the right thing.
I meant that every app would have to do this location data stripping. It's unlikely that apps would bother to do this - more out of an oversight than maliciousness. Having Apple do this would avoid the problem of apps forgetting to implement these types of checks.