This is true, but the reality is that Apple doesn't have access to much of this data, and therefore cannot share it with governments. Hence the recent high-profile legal case between the FBI and Apple in America where the FBI were trying to strong-arm Apple into cracking into a deceased terrorist's iPhone, but Apple said that it's currently not technically possible to do so. The American government is trying to force Apple to create a back-door into future versions of iOS so that they can break into people's devices, but so far Apple has refused on the grounds that it would be a terrible invasion of privacy, and if such a back door existed, then there is the possibility that access could fall into the wrong hands, which would clearly destroy all privacy.
Apple has some access to some data stored on its servers, but even most of this is encrypted, and can only be decrypted using the user's key which is only stored on the user's devices. Apple cannot provide access to data on the devices. I don't think iOS stores any location tracking data anywhere online - only on the devices. Although specific apps probably would store some of this online (eg, Strava, etc).
I'm not particularly an Apple fanboy, but I am quite invested in their ecosystem, so I take a healthy interest in what they are doing, both for being better able to make use of the devices I have, and also to be reasonably well-informed about issues and problems with the devices I have.
Currently Apple and Google are working together to develop an application programming interface for both iOS and Android to enable COVID-19 contact tracing. It stores zero private data and zero location data*. I don't believe the Australian Government's tracing app is planned to use this system, so I suspect the Aus Gov app probably does store such private data.
There are two problems with this. Firstly, the privacy issue itself. But secondly, NOT using what is clearly intended to be a cross-platform standard for contact tracing means that the market for contact tracing apps will be fragmented into people who use the Aus Gov app and people who use some other app (eg, one that IS compatible with the Apple/Google initiative). If there are multiple apps being used in the same jurisdiction, then that will dilute its effectiveness severely.
*The way it works is that each phone randomly generates a unique ID every 15(?) minutes, and keeps track of all the IDs that it has used so far. Every time it is within Bluetooth range of another phone that runs a compatible system, it will exchange current IDs with that phone, and keep a separate record of every other ID it has come across. If a user tests positive for COVID-19, they enter that into their app, and all of the phone's recent IDs (presumably only for the possible infection period?) will be uploaded to the central database. Periodically, a phone will query the database to see if any of the other IDs it has been in contact with have been added to the list. It's a remarkably good methodology as far as privacy is concerned. Nothing is stored except for ID numbers. There is no way to connect these ID numbers with anything else, and just to be on the safe side, they change frequently, so that a Bluetooth hacker cannot consistently track an ID number for more than a few minutes.
Of course, app developers who hook into the new API may be able to get their apps to perform other tasks with the users' data which are more invasive to the users' privacy. But the API itself is quite sound.
I've no idea how the proposed Aus Gov app compares in this regard. I believe they plan to use a similar idea (as it's based on a similar app used in Singapore), but I've no idea if they would be adding extra privacy-invading functionality as well.
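
A minimal simulation of the rotating-ID scheme described in the footnote above, added here as an example; it is not part of the original post and is not Apple's or Google's code. It models only what the post describes (a fresh random ID per interval, a central set of uploaded IDs, local matching); the `Phone` class, `simulate` function, 16-byte IDs and the 15-minute rotation are assumptions.

```python
import secrets

ROTATION_MINUTES = 15   # assumed; the post itself marks this value with "(?)"
ID_BYTES = 16           # assumed identifier size

class Phone:
    """One handset in the scheme as the post describes it."""

    def __init__(self):
        self.own_ids = []        # (slot_start_minute, id) for every ID this phone has used
        self.heard_ids = set()   # IDs received from nearby phones, and nothing else

    def current_id(self, minute):
        """Return the ID for this time slot, generating a fresh random one per slot."""
        slot_start = minute - minute % ROTATION_MINUTES
        if not self.own_ids or self.own_ids[-1][0] != slot_start:
            self.own_ids.append((slot_start, secrets.token_bytes(ID_BYTES)))
        return self.own_ids[-1][1]

    def meet(self, other, minute):
        """Bluetooth-range encounter: both sides swap their current IDs."""
        mine, theirs = self.current_id(minute), other.current_id(minute)
        self.heard_ids.add(theirs)
        other.heard_ids.add(mine)

    def report_positive(self, database, since_minute):
        """Upload only this phone's own IDs from the assumed infection window."""
        database.update(i for issued, i in self.own_ids if issued >= since_minute)

    def exposed(self, database):
        """Periodic check: is any ID this phone heard now in the published set?"""
        return bool(self.heard_ids & database)

def simulate():
    """Constructed scenario: alice meets bob twice, carol meets only bob."""
    alice, bob, carol = Phone(), Phone(), Phone()
    database = set()                 # central list of IDs uploaded by positive users
    alice.meet(bob, minute=3)
    alice.meet(bob, minute=20)       # next slot, so bob hears a different ID
    carol.meet(bob, minute=40)
    alice.report_positive(database, since_minute=0)
    return {
        "bob": bob.exposed(database),
        "carol": carol.exposed(database),
        "alice_ids_rotated": len({i for _, i in alice.own_ids}) == 2,
    }

if __name__ == "__main__":
    print(simulate())
```

The matching happens on each phone against the downloaded set, so the central database in this model never learns who met whom.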