
You misunderstand. Apple can erase the device and let a new user set it up from scratch, but they can't read the data off it. The feature is called Activation Lock and it exists to discourage theft.


Thanks for clarifying. The only part missing is being able to do this yourself instead of having to involve a third party.


Activation Lock is only enabled when you have the "Find My" service enabled. I'm pretty sure the device asks you during setup whether you want it on or off. You can toggle it in settings whenever you want.

Users only need to get Apple involved if they forget their iCloud credentials.


Not true. You can have your iCloud credentials but no device that runs iTunes. The iTunes requirement is the catch here for me personally.


Kinda nullifies the whole “deter theft” thing then.


I'm not sure what "the whole 'deter theft'" thing is but 'deter theft' sounds like a marketing gimmick to me. You give some corporation your keys to hold for you because you can't trust yourself. Why can't you unlock your own damn phone?


That's not what is happening. Please look some of this stuff up before assuming the worst. Apple does not have the ability to decrypt the device, nor do users depend on Apple to unlock the device.

Users can choose to enable Activation Lock, which means that only the owner or Apple can allow someone else to erase the device and set it up from scratch. Users can disable Activation Lock at any time. The only time that users can't disable it is if they forget their iCloud credentials. That's when they have to go to an Apple store and prove that they own the device.


So that a stolen phone is useless? That’s a pretty big deterrent.

And you still hold the private key. From what the parent said, having the store unlock the phone means that it will be factory reset, so they still can’t access the data on the phone.


If you want to get into the specifics...neither Apple nor the user holds the real private key.

The key needed to decrypt the phone contents is generated and stored in the Secure Enclave, a separate piece of hardware+firmware on the phone. When the user provides their password/PIN, the Secure Enclave checks to make sure it's correct and then it will decrypt the phone contents and make them available, but the actual decryption key never leaves the Secure Enclave and isn't accessible by the main OS.



