It still has to run on the IPhone and ask for location, ad ID, etc. from iOS. Where the app comes from doesn't change that it must make the same system calls as everything else.
All apps on iOS need to pass App Store review, which means all apps that integrate third-party SDKs need to ensure those SDKs don't violate App Store policies, including policies on fingerprinting. Apple has already started to deny approval of apps using third-party SDKs that violate user tracking policies on iOS 14.
Of course you can. You're entirely missing the point, which is that without a review process that sets explicit limits for how data can be used, developers will abuse system APIs to violate user privacy.
Restricting APIs doesn't solve the problem because there are plenty of APIs that apps need for legitimate purposes but can be abused by bad actors. Many of the APIs used for device fingerprinting would fall under this category.
There's a difference between sneaking through App Store review and not enforcing anything at all. People still shoplift even though theft is a crime, that's not an argument against having laws.
No. Apple provides a door (advertising ID) but there's also a window (fingerprinting). Right now both things exist. Apps already have the ability to fingerprint users with data they collect and that's not sneaky.
That's a strange argument though. Apple forks over an advertising ID so that any app can fingerprint you with a single system call yet you complain that more apps might in the future fingerprint you themselves.
Without app review there would be no practical way for end users to avoid fingerprinting.
> That's a strange argument though.
Only if you don't consider consent. A user opting-in and enabling the advertising ID is very different from a bunch of apps using third-party SDKs to fingerprint their device without asking.
