That's probably not quite true. Take an app that the user is already likely to have given access to their photos, like Facebook. Create a malicious app with the same app identifiers, sign it, and push it to the user. At that point, the phone thinks it's Facebook, and should allow access.
That said, it'd be kind of unsubtle, and they'd probably get caught.
I assumed it was primarily the review process ensuring that the proper sandbox configuration was included in the bundle and applied to apps at runtime, checking for private API use automatically, etc., and that Apple could probably ignore their own restrictions if they chose to, especially those on private APIs.
iOS won't let even the most permissively configured, "unreviewed" app do things that apps aren't supposed to be able to do?
They could order Apple to disclose signing keys so that the government can install spyware themselves. See http://en.wikipedia.org/wiki/Lavabit#Suspension_and_gag_orde... for a case where they have done something similar before.