I believe Verizon was caught inserting super-cookies with an ad tracking identifier. But that method was much easier back when the majority of the web was just http.

It's been happening at a large scale for a long time as part of the broader fingerprinting initiative by advertising companies. A lot of people think their phones are listening to them, but it's more like they're using heuristics about who you regularly interact with and what they've been searching for. It's disturbing. For example, I recently started getting very frequent and consistent ads across many websites from Warby Parker for the pair of glasses my gf was currently wearing. I asked her, and of course she had been looking to replace them on the same WiFi network.