But as long as the phone is unrooted the all can't spy on anything. Your phone restricts it.

If you root your phone and install apps, your apps can do anything and spy all they want.

So the comment still makes zero sense.

Unless you have a physical switch, you can't trust that a toggle button will actually disable or enable a feature. It wouldn't be the first time UK government tried to push some sort of backdoor. It isn't particularly difficult (from the OS's manufacturer perspective) to tell the user: "sure bro, this gov app doesn't access your location or mic xD".

Apps on a rooted phone can only do anything if you give them the root permission. Otherwise, permissions the same as always.

That's the point. You're able to give them that permission. That's a vulnerability.

OP was arguing that unrooted phones are somehow less safe, which is absurd.