I am not an expert in this at all, but I would think they would need special permission from apple; many of these undocumented APIs get your app auto rejected.
My impression was that involved a great deal of trust, and if they breached that trust Apple wouldn’t hesitate to smite them. Recording people’s mic seems like it’s pretty harmful to the iPhone brand... But you are right, this could be happening today, and Apple is giving them too much trust, and the smite-ing is yet to come.
Not disagreeing but this is this the hook... facecrook on one hand, you would think would want to save face from a pr perspective. However, on the other they have huge economic incentives to not give af. Given their track record we as individuals assume the best at our own peril.
