There's no shortage of testimony about this, such as Bigs's ITT, which also counts. But there are also studies. Here's a good article confirming it, and talking about mitigations.

While not every study provided clear answers, a general sense of agreement on the matter was reached due to hints in the User Agreements of several apps and social media platforms. [...]

These user agreements explicitly state recorded audio may be used for targeted advertising purposes. Interestingly, such practices aren’t against the law. This allows tech companies to push the privacy boundaries even further to encourage us to buy things we don’t need.

I don't think the AOSP has been compromised; it's done through proprietary apps with microphone access, including built-in Google ones. The first thing I do on an Android phone is disable those. Including the Play Store, which also uses your mic for targeted advertising IIRC. I replace that with F-Droid and Aurora Store, which is an open-source Play Store alternative that doesn't require you to log in either. Then there are apps you will want to give microphone access, such as Whatsapp. Either switch to open-source alternatives, or enable and disable access each time you use them to talk. This is inconvenient, but doable if you don't use it often. A more proactive method is to occupy the microphone with PilferShush Jammer, or monitor access with Vigilante. The former app would often use up my battery, but YMMV. You may also want to look into app sandboxing with something like Shelter (FLOSS) or Island, but I don't see how this will help you get around enabling and disabling the permissions constantly.