I didn’t run an analysis…I worked at Apple for 9+ years…
…also they publish a security white paper that goes over most of this ground.
A typical $150 phone probably leaks many of the same things if it has the same services…but the people running the backend said are less concerned about customer trust & bad publicity, and more concerned about deducing your citrus treat preference & selling it to someone for an extra $0.18/phone in revenue. Or using it directly to fuel ad selection. So they rely more on policy to not deduce the “wrong” PII, or do “wrong” things with it, as opposed to cryptography, or never gathering the data. That is just a gut feeling though.
