Imagine if nobody stopped companies like Facebook from just digging into and using things like private APIs or doing stuff that bypassed silly things like public/standard APIs that would normally prevent that or ask for permission from the user. It's not like they've done anything like that in the past for things like Android; clearly an upstanding company like Facebook or Amazon would never do that kind of thing in order to gain access to more stuff that normally they would be prevented from.
And no, some researcher finding out about that happening wouldn't really cause them to change their behavior. And even IF somebody outside of the HN bubble found out about it, I doubt the vast majority of people would change their own behavior and get rid of the apps or anything.
Apple is never going to build a perfect OS with no security holes and they'll never be able to 100% guarantee that an app isn't doing something like that. But the threat of having that activity discovered and Apple straight up removing everything from the App Store is enough to kind of force them into being a better actor than they would be if they controlled their own store. (See the incident where Apple found out about something Facebook was doing with their enterprise certificate and then revoked it, crippling tons of internal apps on top of their user-facing stuff.)