For this particular exploit, it's not really because "iOS apps are truly sandboxed", it's because iOS is more restrictive with background activity, so you you can't keep a server running in the background. If your app is in the foreground it can create a listen socket just like in android.