10 years ago if you made software that uses all kinds of lies and dark patterns to get access to a user's contacts list, uploads it to your server and then you did data mining on it, people would be concerned and consider the software malicious.
Likewise with analytics - tracking every single action you do in an app (along with generic metadata such as IP addresses - which often leaks your general location and your relationship with anyone on the same network since you'd be sharing the IP address with them) would have been considered spyware.
When there were talks of tracking people for ad targeting in the early days of the internet people (rightfully) freaked out, even though that tracking was really primitive by today's standards.
All of those things are now considered legitimate and are routinely done.
