Apple has a policy that apps (and their SDKs) must comply with IDFA, so if a user doesn't want to be tracked across the apps they use they can go to settings -> privacy -> advertising to turn off the tracking.

Doesn’t solve the issue of device fingerprinting. There are a lot of data points that can be used to create a near-unique fingerprint of a device.

Many iOS apps connect to graph.facebook.com without asking.

iOS doesn’t provide a system-wide unique ID however there is still more than enough data (WiFi network names, device name, device type, IP address, etc) that Shitbook can uniquely fingerprint a device and identify a user.