Even ignoring the ethical questions it is a massive waste of bandwidth. They could hash the libraries, and if they get a cache miss, upload that one from one person (or perhaps a few people, since everything is in parallel). They then know what system libraries their users have installed without wasting a ton of bandwidth.

Next step to reduce creepiness is to only upload info on system libraries that actually affect the app (so if some users experience crashes and others don't, they can trace it to differences in system libraries).