To add to your point, even if there were no such "term" governing that particular use of the "service," if I'm the owner of the API and I find out those API keys are being used to spy on my users, don't I treat this as the security breach that it is, and revoke those keys on that basis?
In general I agree with your point but I think these terms help Apple's case because it's easier to argue against definitions of spying, harder against terms of service. Especially when Google so strictly enforces all of their terms. I mean, good luck getting reinstated on just about any of Google's APIs.
