App store lock-in on iOS combined with terms incompatible with the GPL mean that some of the most privacy-respecting software cannot be distributed for Apple's mobile devices.
Apple proposed, but ultimately did not implement client-side scanning for end-to-end encrypted cloud storage. That such a thing even made it to the public proposal stage shows either incompetence (unlikely) or a lack of serious commitment to privacy (more likely). Apple's proposal may have emboldened EU regulators who are trying to mandate client-side scanning for encrypted chat apps.
Browser engine lock-in on iOS means hardened third-party browsers are unavailable.
The popularity of Apple's platform-exclusive iMessage service in the USA may be hindering adoption of cross-platform encrypted messaging. On the other hand, without it perhaps most of its current users would use SMS, which is obviously worse.