[beagle3]

While it was likely easier to exfiltrate data this way, you can rest assured that if they want to exfiltrate it, as the producers of the hardware and the firmware, they can easily do it.

They control the kernel. They can read it from the screen, from the app memory, from the TCP stream with a minor patch to the TLS code. Seriously, the "how do you know" rabbit hole has to start from first principle.

You don't know. And the special API made is easier if it did happen. But it was not an enabler or anything - if they wanted to, they did it without, before, or with Facebook's help.