If both of those are true then your concern is of the form "ANY party records audio data and sells it".
Which is why we don't want random apps having permanent mic access. Or permanent anything access. This is why data mining is bad, not just because the party doing the mining can get the data, but because they can sell it to third parties who combine it in unexpected ways to leak data that you really don't want to be public.
Totally agree. Although now might be a good time to raise the issue that "an obfuscated single-line mention buried in a 60-page clickwrap license presented in an 80x4 character window resulting in over 9000 pages of bullshit that you can't possibly realistically read does not 'consent' make".
Which is why we don't want random apps having permanent mic access. Or permanent anything access. This is why data mining is bad, not just because the party doing the mining can get the data, but because they can sell it to third parties who combine it in unexpected ways to leak data that you really don't want to be public.