Not the point. The point is that they've done enough to legally respond to government requests by saying "we don't have a way to access the data". Hacking customers' phones, regardless of how easy it might be, is far beyond the scope of anything that a US court can order a private party to do.
That's probably not quite true. Take an app that the user is already likely to have given access to their photos, like Facebook. Create a malicious app with the same app identifiers, sign, and push to the user. At that point, the phone thinks it's Facebook, and should allow access.
That said, it'd be kind of unsubtle, and they'd probably get caught.
I assumed it was primarily the review process ensuring that the proper sandbox configuration was included in the bundle and applied to apps at runtime, checking for private API use automatically, etc., and that Apple could probably ignore their own restrictions if they chose to, especially those private APIs.
iOS won't let even the most permissively configured, "unreviewed" app do things that apps aren't supposed to be able to do?