They are usually undocumented/internal calls, not necessarily privileged.
They can't be blocked that easily because the public APIs will necessarily call the private APIs at some point internally in order to implement their functionality.
The main reason private API calls are not allowed by Apple is that it would introduce a lot of app breakage when updating iOS versions. Either that or Apple would need to manually add hacks to account for specific apps that are misbehaved. (What Microsoft usually does for important/popular apps)
Security-sensitive calls do require special permissions from the Operating System, which is usually granted on a process-per-process basis. (Which is why we only got JIT compilation in WebViews recently, once the WebView process was separated from the App process thanks to WebKit2)
During the review phase of the App Store submission, Apple will use static analysis tools to figure out if the App is calling the private APIs. Some people have successfully used dynamic execution techniques to game that, to some extent. F.lux attempted to bypass the review issue entirely by shipping their app as an Xcode project, so you could manually compile it and install on your iOS device, but got a Cease and Desist from Apple IIRC.
I've read somewhere that Apple has started to take extra measures to further disallow calling private APIs starting on 9.3, but I'm not sure on the details.
They can't be blocked that easily because the public APIs will necessarily call the private APIs at some point internally in order to implement their functionality.
The main reason private API calls are not allowed by Apple is that it would introduce a lot of app breakage when updating iOS versions. Either that or Apple would need to manually add hacks to account for specific apps that are misbehaved. (What Microsoft usually does for important/popular apps)
Security-sensitive calls do require special permissions from the Operating System, which is usually granted on a process-per-process basis. (Which is why we only got JIT compilation in WebViews recently, once the WebView process was separated from the App process thanks to WebKit2)
During the review phase of the App Store submission, Apple will use static analysis tools to figure out if the App is calling the private APIs. Some people have successfully used dynamic execution techniques to game that, to some extent. F.lux attempted to bypass the review issue entirely by shipping their app as an Xcode project, so you could manually compile it and install on your iOS device, but got a Cease and Desist from Apple IIRC.
I've read somewhere that Apple has started to take extra measures to further disallow calling private APIs starting on 9.3, but I'm not sure on the details.