[tpxl]

This is not a violation by Facebook, this is a violation by the app developer.

[mschuster91]

Technically yes, but it is as much also FB's fault for providing an SDK that cannot be used without violating the GDPR.

[pilif]

but that's the point: It can be. Just add that key to the plist file and the SDK won't initialize and won't do any requests by default.

This is absolutely on the app developers. Not knowing what an SDK you linked does or doesn't do doesn't absolve you from GDPR (or any law for that matter)