Kaspersky is blacklisted as a government security vendor for anything remotely resembling classified or sensitive material. Also, virus databases are open to having their definition databases perused by the user. You can actually dissect what is being scanned for. Apple's system is not, and goes through great pains to be as opaque as possible. Understandably so it may be, from a rational free agent point of view it is still a threat at scale.

Top of that, there are many other tools which can do all the same. People are thinking like this has been hard work to add right now, and now future exploiting comes easier. Hard part has been creation of system, which locks Apple out of your pictures. Scanning your system files and sending some metadata is literally few lines of code and could have been pushed on week anytime in the past.

HTTPS and E2EE were not common many years ago

This really has nothing to do with those protocols as scanning happens on-device when files are just lying around.

the comment i was replying to stated:

> Why haven't those vendors been already co-opted by governments (Kaspersky on the Russian side, Microsoft in the USA side) into scanning for illegal, copyrighted or secret material and reporting on it

My reply about the only-recent prevalence of E2EE and HTTPS was an implication that the governments mentioned didn't need to get those companies (such as anti-virus companies, etc) to scan for [insert scary material here] as they would have just been able to hoover it up on the wire (as was shown happens in the US by Snowden)

Thus the question of "Why haven't those vendors been already co-opted by governments" is answered IMO - it wasn't necessary.

Edit: to be fair - i now see what you mean - "never leaving the device and still getting scanned" vs "scanned in transit"