Then they should enable interoperability. Either provide a secure platform that others can access, or let third parties offer their own. The whole point of passkeys is to handle remote authentication and authorisation securely - and is effectively what Apple are already doing under the hood.

This whole "we can only trust Apple" argument is outdated given modern security standards like FIDO2/WebAuthn and passkeys