"Ask App Not to Track" just means the app will be denied access to the IDFA (which you can already do by turning on "Limit ad tracking" in settings). It's worded like that because this can't prevent the app from using something else (IP address or device fingerprinting) to track you.
Is the discussion moot if users can be easily fingerprinted without IDFA? It makes life slightly more difficult for advertising partners and social media companies, but not impossible. It's just a small additional barrier to friction that buys Apple some good PR.
That’s against Apple’s guidelines, violations of which will get your app kicked off the only distribution channel on iOS. We’ll have to see how this shakes out in reality, but as a deterrent it’s pretty strong.
Apple, almost exactly 2 years ago, revoked Facebook's enterprise signing key after shenanigans they had pulled with their fake VPN. Until that was fixed, Facebook devs were unable to install new builds on their testing devices.
Based on that history, I don't think Apple is scared of Facebook. They probably won't pull the app because it would be flipped back on Apple, but I'm sure they could find something to push back on Facebook with.
There has been an article on here just a day ago where the "app privacy" labels turned out to be false, so clearly Apple doesn't actually police this very well.
