Idk, I actually got the opposite impression. Most of the info is just what I would expect everyone to see: date formats, languages, various webview kind of stuff, network info. This is already more than enough for fingerprinting

> information such as apps installed

This is what surprised me too, but if you read their hint, it’s not like list API. They probe various ‘open URL in app’ to see what apps registered them, so are installed. I guess this i) won’t allow you to track apps that don’t have ‘open in app’ urls, and ii) probably hard to limit without affecting UX

> number of copy actions

This is odd, yeah, not sure why is it exposed

> last wipe

They deduce this from the volume creation date. Probably possible to hide, but also not really that important, at least to me. Fingerprinting will work with way fewer info anyway

To summarize, I think iOS is still very solid in terms of involuntary info exposure (if you trust Apple itself). Most of really sensitive info requires separate permissions. Yes, you can harden it further, but that will be more like a paranoid mode