I alwayse check this before downloading apps because i dont want apps to spy on me. And what i noticed in practise is that usualy payd apps offten dont collect any data and even if they do its less data than free apps.
So obviusly they collect that data to sell it and to make money that way. And if you think only big companies for advertising buy that data you are wrong.
Gowermants, secret organizacions and milioners who want to control your life is bying that data the most.
That’s the idea anyway. In practice, half the apps ask for it on first setup so (tech-illiterate) people are expecting the prompt and know to click yes next finish
It’s still the developer’s choice when the prompt is shown, just that it moved from AndroidManifest.xml to executable code so now they have the option to not ask until it’s actually needed and handle denies gracefully (in practice, half the apps just close if not every useless thing is granted)
I also seem to remember it’s a policy of Google’s that permission mustn’t be asked until required, but if I remember this right, I’m either not using enough of their store-vetted adware or they’re not checking this properly