The stuff about recording your camera/tracking eyes/recording mic are all bullshit (ish). That stuff is all possible, and does happen, but not from popular apps. You don't really need to worry about that unless you're going to really dodgy websites (and giving them access to your camera/mic), OR if you're a high profile figure who may be targeted by far more sophisticated attacks. These privacy invasions are uncommon in popular websites and apps because it's very easy for users to discover that kind of data/processing usage, and the blow to their reputation is far more expensive than the profits they'd get from recording you (not even sure what the commercial incentive would be for that). There are thousands of nerds like me in the cyber security industry who monitor websites network activity for this kind of shady shit, so they wouldn't get away with it.
Location is a far cheaper (and less conspicuous, data-usage-wise) process, so far more apps will be recording that. Google, Facebook, Apple, and likely dozens more companies know exactly where you've been throughout the day, whether by GPS or by wifi (maps of the locations of different wifi networks exist).
As for targeted advertising - any app or website that has a share button for Facebook or other apps is most likely sharing your usage habits with those apps. This is a symbiotic relationship for the apps/websites, because letting Facebook know you've been searching their site for X means Facebook will start showing you ads for X, and you might go and purchase from them after seeing that ad. Many believe their phones are listening to them because their targeted advertising is so specific, but the reality is they don't need to listen to you. They get far better info from your searches and browsing history.
Sorry no sources at the moment because I'm at the gym, but I guess my source is that I graduated with a bachelor's in cyber security in February lol.