At least on iOS, it doesn't access the GPS directly. It asks the OS for updates to the device's location with a certain degree of precision. It's up to the OS to blend various sensor data (GPS, cellular, Wi-Fi, Bluetooth beacons - the latter is used underground to get a good position fix without a line of sight to the sky) and send that to the app. If it was using GPS continuously it would drain your battery very quickly. So if the device can get a good idea of its location via Wi-Fi/Bluetooth, it will not even bother turning on the GPS.

I see a vulnerability in that - spoofing location data is not hard. I really hope this doesn't lead down the path of transport operators introducing DRM-like rootkits, but unfortunately the concept of relying on data from devices owned by the user is always going to be at odds with preventing dishonest use. I'd much rather use a smartcard which, whilst tamper-proof and not modifiable by me, is separate from my own devices and personal data.

There are many public transport systems that are not a subway. There are trains and buses that are wholly above ground, for example.

Yes, but underground systems are a substantial part of many mass transit networks, and even for those that aren't underground, GPS connection can't be considered reliable. Anyway if you are scared of Orwellian nightmares you shouldn't use public transport anyway as there are CCTVs everywhere.