One thing that confuses me about iOS devices is when a gmail account is added to the mail program. It isn’t clear if it is adding SMTP/IMAP or if it is doing some web app type configuration and if that gives Google more access to track device activity.
This sounds like the modern OAuth-based sign-in flow (for IMAP and SMTP connections, authenticated by OAuth).
This helps avoid app-specific passwords when you use 2FA, and lets users use their regular sign-in flow (which could include enterprise SSO, TOTP, U2F key etc).
I imagine that there's the ability for Google to set some cookies as part of that process, although knowing Apple, would not be surprised to learn they had sandboxed that instance of the browser, to prevent cookies persisting into regular Safari.
