Why can't they? They control the objc runtime, and IIRC the way message passing works in that system requires throwing strings around with the involvement of the runtime.

This being entirely separate from using allowed APIs for unapproved reasons, after passing whatever review/scan is done.

Because you would need to check every message against a hash map of disallowed private APIs.

The performance degradation would be so significant it would render many apps and most of the OS unusable.

Or not allow all apps to send messages to the objects that host those private APIs. Again, unless I don't understand how the message passing system works in objc/swift. (most of my knowledge of the internals comes from reading blogposts on nshipster.com years ago)