The App Store requires apps to obtain user consent before doing any kind of tracking and only allows one method of identifying users (advertising ID), which the user can reset whenever they feel that apps are getting too creepy with their tracking. While there have been other ways to fingerprint users, Apple has been aggressively pursuing each avenue and closing them off.
> Apple has been aggressively pursuing each avenue and closing them off.
That is key. It is all Apple.
VPNs can be a powerful mechanism too, and you can see third party VPNs come up with solutions that are way more aggressive at blocking trackers than Apple [0]. And from what I know, Apple makes it hard for such VPN apps to flourish. Not long ago, they kicked Adguard and Malwarebytes out [1] (though they now let them back in).
The problem with VPNs is that while they can enable privacy on a deeper level than Apple can in some cases, they also potentially pose a grave threat, as seen with Facebook’s “research” VPN which got shuttered not so long ago.
It’s a tough problem because there’s no way to verify what’s happening on the other end of the VPN during the app review process, and even if there were its too easy to change how the VPN operates to pass review and then flip it back afterwards.
