dfx actually gets the controller and hash of a canister through read_state call. You can also do that using low level API calls using agent-js.
However, only a controller of a canister can get its cycle balance and other info. This means, unless a canister’s controller purposely decides to expose such info to the public, they will remain private information.
One way for a developer to voluntarily expose such data is to use the black hole canister, simplying by adding the black hole canister id as one of the controllers of your own canister. Then others can send an update call canister_status to the black hole canister to get all status info including remaining cycle balance. It is useful and safe because the black hole canister itself is immutable. I also built a TipJar service to help monitor canister cycle balance and top up them when they run low, and of course, only those with blackhole as one of their controllers are supported.