[nodamage]

Maybe in the Facebook app, but not necessarily in the Facebook SDK which is integrated by other apps for ads/auth/analytics.

[manigandham]

SDK abilities don’t depend on the storefront, that’s up to the OS. Apple store is just informational.

Either way users should be able to choose what they install and from where.

[nodamage]

All apps on iOS need to pass App Store review, which means all apps that integrate third-party SDKs need to ensure those SDKs don't violate App Store policies, including policies on fingerprinting. Apple has already started to deny approval of apps using third-party SDKs that violate user tracking policies on iOS 14.

[2OEH8eoCRo0]

You can do your own without dealing with SDKs.

This isn't a problem if Apple ups their game and actually competes to keep people on the App store despite having real choice.

[nodamage]

Of course you can. You're entirely missing the point, which is that without a review process that sets explicit limits for how data can be used, developers will abuse system APIs to violate user privacy.

[2OEH8eoCRo0]

So be more strict with system APIs?

We can go back and forth forever with what-ifs. It's nothing we cant overcome in the future.

[nodamage]

Restricting APIs doesn't solve the problem because there are plenty of APIs that apps need for legitimate purposes but can be abused by bad actors. Many of the APIs used for device fingerprinting would fall under this category.