> Surely it's easy enough to define some kind of verification process based on various pieces -- phone number, credit card, purchase receipt, etc. -- and requiring a police report to be filed or something.

Apple has such a process in place: https://support.apple.com/en-us/118574 (The details aren't all laid out on that web page, but Apple support may ask for information like purchase records to confirm ownership.)

What I think is at issue here is that it will only restore access to an account which is not currently being accessed. If an account is being accessed from a logged-in device, Apple is unwilling to cut off the current user's access to that account and hand it over to another party.

And, quite honestly, I can see where Apple is coming from with this policy. Arbitrating access to a contested account can get really messy (e.g. consider a scenario where an abusive partner is trying to access the victim's online accounts).

I think you're jumping the gun here.

An account is supposed to belong to a single person. If you are able to definitively prove that you are that person (for example, by showing up to an Apple store with your ID card), you should be able to restore access to it. An abusive partner won't have access to that.

Refusing restoration when someone else has access to it is understandable, but it works the other way around as well: an abusive partner would be able to prevent the legitimate owner from accessing the account.

I think it's far more likely that Apple just can't be bothered. Dealing with stuff like this is messy and complicated, and they aren't going to lose any revenue from those few thousand people a year losing their account and all their data.