There is a big misconception here.

Apple only limits 3rd party tracking and access. 1st party tracking by Apple, a known bad actor, is not affected by all the security measures they implement.

Clearest example of that being that Apple backups everything to iCloud, which while offering E2EE which is disabled by default.

And since the whole ecosystem is closed by design, you have no option to circumvent that unlike with open ecosystems.