As a first-order effect, sure.. but Apple is not immune to the damage that this causes either. More importantly, their failure to pay or honor their commitments would be the root cause of this in the future.
They opened this "bug bounty" door on their own, they are solely responsible for its success or failure.
Sure there are secondary effects. However they are mild comparatively.
The two options:
- someone full discloses a 0-day. Apple is embarrassed, users can take mitigating action until it's patched. Apple is probably forced to patch. End result: really embarrassing for Apple. Small risk to users that's pretty ephemeral.
- sell to highest bidder. Black market or at best grey hat. Exploit is used against users. Nobody really knows it's happening. Maybe that eventually comes back to give Apple a bad reputation, but not likely to happen in the short term.
One of these courses of action disproportionately hurts users a lot and Apple not very much. The other hurts basically only Apple and users very little. Even if you argue that the black market might eventually hurt Apple a little bit, it's still a very small hurt.
If your goal is to piss off Apple, it seems clear that full-disclosure is the thing to do here. If your goal is just to clear your conscience on the morality of selling exploits to bad people who intend to use them to do bad things - while I'm sure you'd find a way to justify that no matter what Apple did. The human mind is good at self-justification.
> More importantly, their failure to pay or honor their commitments
What commitment? A bug bounty program isn't a commitment to do anything. It's not a contract or a work agreement. At best it's sort of like a contest.
But even disregarding that, I'm not sure this bug even is in any of the categories they list. What they say is: "iOS user installed app can access sensitive data including Contacts, Mail, Messages, Notes, Photos, or real-time or historical precise location data." I'm not sure this fits.
Is Apple being a dick? Yes. Are they breaking commitments they made? Not super clear.