> do you seriously consider counting how many installs are triggered from a download "spying"?
Yes. It is a unique identifier that they are fully capable of associating with telemetry data and other personal activity. It could be used by various parties to deanonymize me. That is spying. You are playing dishonest semantic games.
Effective privacy may well be complicated. Perhaps you can maintain effective privacy in various ways even while being actively spied on in some manners. That doesn't mean that spying isn't spying.
There is a very large difference between "X is spying on Y" and "X could spy on Y if they started to record and correlate things". And even "I don't trust them not to" is not the same as "they are". A lot about privacy involves not looking at things you could look at.
E.g. picking the example mentioned repeatedly in this discussion: Network transfers annoyingly involve IP addresses. That doesn't mean every server you talk to is spying on you, and there is wide a range from "doesn't record anything", over "keeps a log of errors for 5 days that's only used for debugging", over "looks in GeoIP database and counts visitors per country", to "immediately connects your IP to your user profile and shares that data packet with 50 ad networks". I have a hard time calling the first three "spying", it starts IMHO somewhere after that. And annoyingly, telling the difference comes down to trust at some point.
Or even simpler, I could trivially spy on my neighbors with what reaches my apartment. I don't though.
