> Nothing at the OS level to prevent this

This is incredibly common practice and AFAIK not even discouraged by Apple.

The app sandbox constrains the local storage data to the app which created the unique identifier. There is no third-party tracking opportunity here.