> Apps that read inbound SMS may be malicious and use that ability to steal verification codes. Or they may not be actively malicious, and meerly handle the data in an insecure way that makes messages available to others.

Apple can't make that argument since they allow apps that scan SMS messages for spam.