They said it was impossible for them to build a backdoor into iOS that would only be accessible to legal requests from law enforcement, which is true in the strict sense. So law enforcement bought a vulnerability exploit from a third party.