Well, what do you consider a permission? Adding two numbers together? Division? Putting a window on your display? Playing audio out your speakers? Sending a print job to Apple's print services, so the printer dialog pops up; The app in that case never directly talks to the printer but just gives the document data to an Apple API that then talks to the printer driver. - And so on. Permissions only really make sense if you have a model for what permissions exist. If you don't have a model for a permission then there's neither a concept of blocking or allowing it, it just is.
With that said, Apps generally run in a fairly confined sandbox by design. In addition to the permissions you allow or deny as a user, the developer will register the functionalities the app may use in certain categories, like location services and using the network (with separation of listening on a socket versus connecting to a remote socket). This means that even if the app gets taken over by a malicious actor, the malware won't be able to utilise un-needed functionality through that app.
As for being identified, Apple generally is pretty good about trying to protect your privacy and if you don't explicitly allow identifiable tracking, there is nothing directly made available by the OS that intentionally facilitates that. However, fingerprinting is a very big field of its own. And it doesn't matter if you run a browser based program or a local application instance, you will be fingerprinted. Everything from the way you use the application to the data you use the application with, to the information about your system - recovered directly or indirectly - to factors in your surroundings. Especially websites with an interest in advertising, but certainly also advertising focused applications, will use all this data to uniquely identify you even if they cannot have unique IDs.
There was a recent paper I read about identifying specific GPUs even from within the same model of GPU through a bit of invisible WebGL. With fairly high certainty they could discern the little manufacturing differences between similar models of laptops based on how the GPU code was executed (timings).
This isn't utilised by everyone; Far from. But among free, and especially ad-supported software it is not too uncommon either to see a lot of fingerprinting techniques.
If you're using the App Stores, apps will have privacy labels that are good at informing you what kind of data the app is collecting, if it's identifiable or anonymised, etc.