Most ways to collect boot time are a "Required Reason API," so they declare through NSPrivacyAccessedAPITypeReasons, meaning AppLovin apps are (unsurprisingly) lying about what they are doing with the data. There's a fair amount of research into this, for example at https://mysk.blog/2024/05/03/apple-required-reason-api/ and https://blog.appicaptor.com/2025/02/05/apples-required-reaso... (which also documents a workaround that Apple's static analysis tools didn't detect at the time).

My general conclusion is: it's stupid that Apple continue to allow this and Trust Us Bro is not a good permission system to allow app developers do shady things, especially when research indicates that they are, unsurprisingly, doing shady things. Apple's static analysis based App Store approval system is also historically swiss-cheesey and I know they could do better. Overall, thematically a black mark on Apple, which has always been surprising for me because they tend to genuinely care about privacy in many other facets.