They don’t. I mean not in a “oh trust Meta way”, obviously don’t, but…
These privacy cards are self reported by the developers and have nothing to do with enforced API or data access.
Obviously not reporting something like identity while asking for the user’s real name on the first screen is likely to be noticed by AppStore review, but it’s just as possible for a developer to check every box to cover their ass (what Meta likely does since let’s be honest they do vacuum up everything you type into the app at a minimum) as it is for a developer to check no boxes and still be collecting various bits of info. Which is of course why things like HealthKit actually have on device permission screens and need access confirmed by the user directly.
And of course a user giving or not giving direct permission is very likely used in any fingerprinting that they’re doing
I always feel like folks who are using LinkedIn as actual social media where they post are doing it wrong. It’s useful for one specific thing and as soon as you start posting your daily thoughts or whatever then the whole thing falls apart.
If you know me you would have messaged in some format that is more reliable than calling on the phone.
If you called you either don’t know me or it’s important enough you can leave a message.