That is hard, we know. But it is not impossible for those with time, resources and willingness to think outside the box.
I assume that Apple has a hardware security module for key generation and storage, perhaps even custom-designed and built, to prevent key extraction/copying.
Of course, in the end you have to trust Apple that only a limited number of employees have access to such hardware, that they have proper auditing procedures, etc.
But the probability of a compromise can never be 0, unless you design and produce your hardware yourself, write all code that this hardware runs yourself, and never leave your computing device unattended. Since that is not practical for most people, you have to put trust in some third party.
If there's one thing that we have learned over the last few years from Snowden et al, we have learned that it is safe to assume that these state actors will be trying all the avenues that you or I can think of, and spend years discovering new ones that we have not thought of.
You make a good case that Apple are far ahead as industry leaders here; that seems solid. It's less solid that this means they are impervious, or that the thinking "I can't see any holes in this process, therefore there are no holes in it" is sound.
I assume that Apple has a hardware security module for key generation and storage, perhaps even custom-designed and built, to prevent key extraction/copying.
Of course, in the end you have to trust Apple that only a limited number of employees have access to such hardware, that they have proper auditing procedures, etc.
But the probability of a compromise can never be 0, unless you design and produce your hardware yourself, write all code that this hardware runs yourself, and never leave your computing device unattended. Since that is not practical for most people, you have to put trust in some third party.