In ComputerWorld’s article, https://www.computerworld.com/article/3708251/homeland-security-confirms-your-privacy-is-no-longer-safe.html, they confirm that some Federal departments have not been successful at protections articulated in E-Government Act of 2002 and the Homeland Security Act of 2002.
There are no remediation yet; however, users can go into their Location Services and ensure that apps are only permitted access to Location Services, as appropriate. Ideally, you should work from a positive security model and lock them all down and return their permissions as they come up and are vetted, but that seems very challenging. I’m surprised, at this point, Google and Apple’s Cloud service doesn’t have an applet to modify certain privacy settings more easily.