There’s no need for Apple to react to this project at all.
Eventually, someone will send spam using this app, at which point automated systems at Apple will “console ban” the hardware identifier shared by all of the app’s customers. The project presumably has a library of valid hardware identifiers collected and ready to go, and eventually that’ll be drained by spammers faster than revenue versus device purchasing allows for. Apple can just wait silently as the app exhausts their pool of hardware identifiers, each banned by pre-existing anti-spam automation, without ever acknowledging their existence.
Apple may not buy WhatsApp will. If there's ever a commercial or OSS third party WhatsApp voice client I would expect they will try to send their Perkins Coie dogs after the project. They've already done it to many oss projects, terrifying Devs from continuing their work
Followup: One day after widespread press, Beeper has apparently triggered Apple’s protections and is temporarily offline until they rotate identifiers and perhaps IPs. Apple has neither acknowledged that Beeper exists, nor stated whether Beeper was blocked by automated or a manual process. This happens every year with third-party iMessage clients, but we’ll see how it goes for them. Perhaps it’ll be different this time.
Eventually, someone will send spam using this app, at which point automated systems at Apple will “console ban” the hardware identifier shared by all of the app’s customers. The project presumably has a library of valid hardware identifiers collected and ready to go, and eventually that’ll be drained by spammers faster than revenue versus device purchasing allows for. Apple can just wait silently as the app exhausts their pool of hardware identifiers, each banned by pre-existing anti-spam automation, without ever acknowledging their existence.