Re: Why don't [they] just ask Facebook?
"Is there an easy way for people to check whether their phone(s) or other devices are infested by this Facebook Graph API pestilence?"
You can check here:
You might be surprised what is inside some of your apps.
Or you can do it manually using ADB by taking a SHA 256 sum of installed apps using PM and check the SHA sum against Virus Total results or by running dexdump.
(I believe Exodus goes into detail on how they checked for trackers)
You could also extract the APK's from your device and use any number of open source decompilers.