Posting tweets, I know for a fact is the same as SMS and Email in that it's a sheet operated by the system, you can't touch it from the app.
The worst possible thing I thought, would be if it could actually dial out without the user giving permission. So I embedded the code they gave in the paper in a sample app, with the CoreTelephony framework (and a number of other frameworks/libraries for good measure) added:
void* h = dlopen("CoreTelephony", 1);
void (*CTCallDial)(NSString*)=dlsym(h, "CTCallDial");
CTCallDial(@"A Valid Phone Number here");
Segfault, no dialing. So THAT does't work either.
I didn't test some of the other things but I really wonder how much they ACTUALLY tested on iOS6. What a shame that it's so easy to fool so many people like yourself just by throwing around terms like "private API" and some semi-plausable looking code...
I'm sure some of it would still work on iSO6, but it seems none of the really dangerous ones does. So my stance is still that they didn't really break out of the sandbox, they are just building some nice looking castles and pretending they are real.
Is it TOO MUCH TO ASK that some independent verification take place on fantastic claims like these?