US carriers have a loose grip on users' location information
As it's often the case, there's a middleman in the process, and what it does raises concerns.
Mobile carriers find it too inefficient to ask for permission every time a company requires location information for a certain device, so they use third-party companies that pay for the information and handle individual permissions. This creates a barrier that prevents the carrier from knowing what the information is used for, but as long as the middle man is doing what it's supposed to do, they're in the clear.
Unsurprisingly, some companies are not diligent about the whole process. One such company, Securus, allowed law-enforcement agencies to use a specially made website to find the location of any individual, not just the ones it had permissions for. But the company wouldn't let anyone look up location information, the website required users to upload an official document that would justify the search. However, there was no way for the system to check if the document is a valid search warrant or someone just wrote "I want to know where this guy is" on a piece of paper and scanned it. So, it seems they did let anyone look it up. Understandably, carriers are no longer working with Securus.
What makes it harder for carriers to keep a watchful eye on these companies is that there are so many of them. For example, Verizon reluctantly shared that about 75 companies are using location information it provides. Sen. Ron Wyden is spearheading the efforts to make carriers more open about how the sensitive information is used and what measures they take to protect it. The FCC also involved and will investigate if there have been further violations.
Before you say that there shouldn't be any sharing of that information, keep in mind that it is also used for services customers actually want. Banks use it to prevent credit-card fraud and roadside assistance companies use it to locate customers quicker, to name a couple.
It's not the first time private information has been misused, and it's unlikely to be the last, but every time a company faces consequences for doing it, protection for consumers gets a bit better.