Of course you can. You're entirely missing the point, which is that without a review process that sets explicit limits for how data can be used, developers will abuse system APIs to violate user privacy.
Restricting APIs doesn't solve the problem because there are plenty of APIs that apps need for legitimate purposes but can be abused by bad actors. Many of the APIs used for device fingerprinting would fall under this category.
We can go back and forth forever with what-ifs. It's nothing we cant overcome in the future.