Re: 'The nature of some data may also surprise. App developers receive your age and gender'
I was with you until the second word of the second paragraph. "Leverage" is not a bleedin' verb.
The truth is that Android is a system to turn a smartphone owner into a product. The only way to successfully avoid that is to strip out Google services framework completely which, in essence, means running a custom build of AOSP/LineageOS/AOKP/Omni without the final flash of gapps. Then add F-Droid, YALP¹ et al.
Even then, you have to be bloody careful. aGPS will quite happily talk to Google's SUPL server and quite literally hand them your coarse location along with device specific information. If you have a Mediatek device², their proprietary GPS core will also talk to their server. All of this is before the networks get involved.
As for Android being open source, the first time you build your own derivative you'll realise just how much of it isn't. Even Qualcomm based devices, the vendor most likely to play nicely with your *droid freedom project, is chock-full of binary blobs from the obvious RIL/modem (pretty much expected as raw access to this can be used for all manner of nefarious things) down to simple peripheral access.
It's a shame the Replicant project was such an epic fail but that was to be expected. The smartphone environment deliberately doesn't support full freedom as most devices are simply loss-leaders which enable access to the real product: You.
¹ Take no notice of apps that declare they're GSF dependent. Parts of them may be, yet they're usually deep down betrayal bits that don't affect core functionality. Of course, if you're installing even one closed-source app from GP through YALP, all your hard work deGoogling your device has gone out of the window anyway.
² Avoid at all costs. They almost always turn out to be landfill devices.