I have found similar too. I was going to post on f-droid about it. I tested several apps that attempted to get my location that did not declare they require that permission. Two of them behavior was very similar. Proton Mail and Secret SMS both instantly attempted to get my location when I touched the "compose message" button. Permission manager displayed the warning and gave me the option to deny location access.
Those snakes. You know full well if they CAN get away with it that they will even if they say they don't or won't. Dirty dogs always searching for a free buck.
Well it come as no surprise to me that apps from Google play would do such and the Proton Mail app did come from Google Play. What did surprise me was the SecureSMS app (I called it secret SMS before in error) This app came from f-droid and now I just decided to check if this is just related to privacy apps or not so I downloaded Open Key Chain from f-droid and sure enough, when I touch the "generate my private key" button... SECURITY WARNING OpenKeychain is trying to Obtain your current position. Deny Allow
Yes for real and it doesn't say it requires that permission either on the f-droid site or on the phone when I installed it. So far the apps I found that did this are all privacy/security related. They are; Proton Mail (Google Play) Secure SMS (f-droid) OpenKeychain (f-droid)
Someone is obviously not paying attention! Maybe they're using standard templates, without thinking it through. But damn, you'd think that someone would have noticed before they released.