Yes, Apple is also the OS vendor. What it would mean to say "Apple has no access to the user's device" is, whatever an average, unsophisticated user understands it to mean -- because their informed consent is ethically all that matters here.
It means precisely that Apple has no technical capability to remotely access the device.
It means any (consented) Apple software update leaves behind no hooks or backdoors that enable subsequent, remotely-initiated access.
It means there verifiably exist no code paths that allow remote exfiltration of data, other than those that pass through consent dialogs. The basic distinction between legitimate OS functionality, and malware.
But average users are clearly aware of many high profile iPhone features that inherently involve Apple “remotely accessing the device,” assuming you're include all cases where the iPhone software can be configured to send data from the device to Apple servers. That’s what all iCloud services explicitly do.
Yes, but the distinction between "stores private data E2E encrypted on a secure server" and "uploads private data for Apple employees to review" is a bright line. Informed consent means we can't extrapolate from one to the other, if we pretend to be ethical.
It's not as if Apple's marketing doesn't heavily emphasize the "private", "E2E encrypted" aspects already.
It means precisely that Apple has no technical capability to remotely access the device.
It means any (consented) Apple software update leaves behind no hooks or backdoors that enable subsequent, remotely-initiated access.
It means there verifiably exist no code paths that allow remote exfiltration of data, other than those that pass through consent dialogs. The basic distinction between legitimate OS functionality, and malware.