They can't mess up with the private key (at least this is what they say, and we can't verify that as their software is closed source). But they're free to manipulate the public key which is used during the encryption phase.
For Apple as a company, not having access to iMessages is the safest thing to do, and I believe them when they say they can't access them in the current setup and are not willing to change that. It's because this would change their status from hardware/software vendor to telecommunications provider, with all related problems and costs - and they don't need any of these, so the best option is just to shield themselves from any user-to-user communication.
For Apple as a company, not having access to iMessages is the safest thing to do, and I believe them when they say they can't access them in the current setup and are not willing to change that. It's because this would change their status from hardware/software vendor to telecommunications provider, with all related problems and costs - and they don't need any of these, so the best option is just to shield themselves from any user-to-user communication.