[nautical]

This is not a question at all that this can be done or not ( There is no reason it can't all be done on-device. )

Question is will this be ethical .. I will not be comfortable using a device that logs every API an app on it is calling.

[nicky0]

Why would anything have to be logged? Apple phones already do this and have done for years. With no phoning home.

[mamon]

Access control is not the same as logging - the first time an application tries to access the API the OS checks permissions, asks user to approve/deny, and then stores the user's choice. No need to log the actual API calls at all, no permanent records needs to be created.