Don't install native apps from hostile networks like Facebook; they hook into systems that shouldn't exist that were added as a privacy-compromising concession in order to avoid regulatory scrutiny into other systems that also shouldn't exist.

The history of IDFA ultimately boils down to one fact: that for whatever reason it was added, the protections in place now are still protecting you from a tracking system that Apple added. And Apple's standards on what is and isn't an acceptable line to cross regarding privacy demonstrably are not always as going to be as strict as they ought to be. Sometimes Apple compromises.

These apps are not safe just because they have Apple's seal of approval, there is a certain threshold of abusive behavior from apps like Facebook that Apple will tolerate. It is better to use a web browser so that (however imperfect it may be) you can get at least some small amount of real sandboxing.

Look, I'm not even saying you need to support third-party app stores. I obviously have opinions on that, but if you disagree and think 3rd party stores will make things worse, then fine. That's not my point. My point is: don't get the impression that Facebook's native app is safe just because Apple hasn't removed it. iOS doesn't have enough tracking protection to make it a good idea to use these apps natively on your phone or to make it OK to advise others to install them; they should be avoided and used only within a browser if you care about your privacy.