The ironic thing is that you can actually implement Facebook login in a privacy-respectful manner by using standard oAuth where Facebook is only contacted when the user decides to log in with it (which is mostly fine as they have an account anyway and thus consent to Facebook tracking).
It's likely that apps that load the SDK are using other features of it, such as Facebook Analytics (which is similar to Google Analytics), not just login with Facebook.
