There is some difference in the skill level required to convincingly craft a fake screenshot versus to spoof an API request, but yeah, it's not a huge difference.
The fact that it's an API request will make it easier to create checks. For example, they could check if the length of the messages match with the length of the encrypted ciphertext the server sent. In theory you can do with this a screenshot already, by redigitizing the content, but it's harder. Or they could check whether the received/sent/etc dates match with what the servers recorded, etc.