Apple has to comply with its contract just as the developers do. I did just check the agreement and either party can terminate with 30 days' notice for any or no reason, so they could theoretically terminate.
Given this is completely out of the scope of the App Store or even the SDK (contrast with the security researcher who got unapproved code executing), however, I don't imagine Apple will feel the need to terminate. I guess we'll just have to wait and see.
Doesn't matter if you are breaking the law or not, plenty of legal apps get rejected. Apple sets their own terms outside of US law.