A good portion of the SDK usage in mobile apps is not nefarious. They're embedding it for advertising conversion tracking which would respect the "limit ad tracking" setting in your device's settings.
The problem is that beyond whatever functionality the developer of the app intended to use the SDK for, it also does its own thing of stalking the user even if the app doesn't end up using any SDK features at all.
Exactly my point. The third-party app is not nefarious, but the SDK is. A server side API would have a better chance of doing the useful bits without the nefarious parts.
I doubt many competent server operators would be willing to run Facebook-supplied binaries on their precious servers, especially given Facebook’s track record of SDK crashes. (Not to mention PCI requirements, etc.)
The problem is that beyond whatever functionality the developer of the app intended to use the SDK for, it also does its own thing of stalking the user even if the app doesn't end up using any SDK features at all.