Thanks! I think I’ve seen so many references to how it’s so easy to identify devices by their fingerprint that I’ve maybe exaggerated the risk. It doesn’t help that a lot of the information on fingerprinting seems to be vague - probably because we don’t know precisely what any privacy-invasive actor is actually doing in terms of fingerprinting.
I suppose it may also help in this specific example that although WhatsApp-the-app can query all sorts of hardware properties for fingerprinting, in order to have a fingerprint which can be matched with that of the browser fetching ads/like buttons/tracking pixels on random pages, the fingerprint can only be based on something which is also exposed by the browser.
It might even be the case that some things useful for browser fingerprinting are not available to WhatsApp-the-app. For example, presumably WhatsApp-the-app can’t use canvas fingerprinting, as it will have access only to the system webview (on Android) which is not necessarily going to render things the same way as (say) Brave.