A lot of users don't understand that permissions are optional. They just tap to make the boxes go away. So the app developer stealing your data isn't insulated from being unethical just because they gave you a series of dialog boxes on installation.
So to answer your question: your contact list, location, connected Bluetooth devices, your photos, etc.
If the implication was that web fingerprinting has gotten really creepy too, then I agree. Unluckily, I don’t think I can do justice to the matrix of “depending on permissions” x mobile OS x valid but overly broad permissions in a comment. Apps can and do take anything you give them, active status, location, other installed apps, battery charge percentage, etc.
A lot of users don't understand that permissions are optional. They just tap to make the boxes go away. So the app developer stealing your data isn't insulated from being unethical just because they gave you a series of dialog boxes on installation.
So to answer your question: your contact list, location, connected Bluetooth devices, your photos, etc.