
They didn't have to use the ntp.org pool at all. They obviously wanted to check whether somebody had changed the time on the phone and to still use "the internet time." And for that, contacting one Apple server (time.apple.com) would have been enough.

It seems that the iOS library author "helpfully" provided the default of contacting 30 servers from the ntp.org pool.



Is it possible to spoof the reply? Or block the request? This smells like security by obscurity to me.


The short answer is yes. NTP operates on UDP/123 and isn't authenticated.
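As an added illustration of the point above (example code written for this edit, not from the thread or from the ios-ntp library): a minimal SNTP request/reply in Python, with the server and an on-path attacker simulated in-process so nothing touches the network. The timestamps, the one-day skew and the function names are assumptions made for the example. It shows that the only thing binding a reply to a request is the echoed 64-bit transmit timestamp: whoever saw the request can forge an accepted reply, while a blind off-path forgery is rejected.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800          # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
NTP_FORMAT = "!BBbbIII" + "II" * 4    # 48-byte NTP header, big-endian, no authenticator


def to_ntp(unix_ts):
    """Unix float seconds -> (NTP seconds, NTP 32-bit fraction)."""
    secs = int(unix_ts) + NTP_EPOCH_OFFSET
    frac = int((unix_ts - int(unix_ts)) * (1 << 32)) & 0xFFFFFFFF
    return secs, frac


def from_ntp(secs, frac):
    """(NTP seconds, fraction) -> Unix float seconds."""
    return secs - NTP_EPOCH_OFFSET + frac / (1 << 32)


def build_request(transmit_unix):
    """Client packet: LI=0, VN=4, mode=3 (0x23); only the transmit timestamp is set."""
    t_secs, t_frac = to_ntp(transmit_unix)
    return struct.pack(NTP_FORMAT, 0x23, 0, 0, 0, 0, 0, 0,
                       0, 0,             # reference timestamp
                       0, 0,             # originate timestamp
                       0, 0,             # receive timestamp
                       t_secs, t_frac)   # transmit timestamp


def build_reply(request, server_now, stratum=2):
    """What any NTP responder does: copy the client's transmit timestamp into the
    originate field and stamp receive/transmit with its own clock (mode=4, 0x24).
    Nothing is signed or keyed, so an attacker who saw the request builds the
    same bytes; 'server_now' is simply whatever clock the responder claims."""
    f = struct.unpack(NTP_FORMAT, request)
    orig_secs, orig_frac = f[13], f[14]
    now_secs, now_frac = to_ntp(server_now)
    return struct.pack(NTP_FORMAT, 0x24, stratum, 0, -20, 0, 0, 0,
                       now_secs, now_frac,     # reference timestamp
                       orig_secs, orig_frac,   # originate = client's transmit
                       now_secs, now_frac,     # receive timestamp
                       now_secs, now_frac)     # transmit timestamp


def process_reply(reply, request_transmit_unix, client_now):
    """The checks a typical SNTP client performs, then the clock offset.
    Returns (accepted, offset_seconds); offset is None when rejected."""
    if len(reply) != 48:
        return False, None
    f = struct.unpack(NTP_FORMAT, reply)
    if f[0] & 0x07 != 4:                       # must be a server-mode packet
        return False, None
    if f[1] == 0:                              # stratum 0 is kiss-o'-death, reject
        return False, None
    t1 = request_transmit_unix
    if (f[9], f[10]) != to_ntp(t1):            # originate must echo our transmit timestamp
        return False, None
    t2 = from_ntp(f[11], f[12])
    t3 = from_ntp(f[13], f[14])
    t4 = client_now
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    return True, offset


def demo():
    """Constructed scenario: one honest reply, one on-path forgery, one blind forgery."""
    t1 = 1700000000.0                          # constructed client clock at send time
    request = build_request(t1)

    # Honest server whose clock is 0.5 s ahead of the client's.
    honest = build_reply(request, server_now=t1 + 0.5)
    ok_honest, off_honest = process_reply(honest, t1, client_now=t1 + 0.1)

    # On-path attacker (hotspot, compromised router) saw the request and answers
    # first, claiming a clock one day ahead: accepted, same validation passes.
    forged = build_reply(request, server_now=t1 + 86400.0)
    ok_forged, off_forged = process_reply(forged, t1, client_now=t1 + 0.1)

    # Off-path attacker who never saw the request has to guess the 64-bit
    # transmit timestamp; here the guess is 1 s off, so the reply is rejected.
    blind = build_reply(build_request(t1 + 1.0), server_now=t1 + 86400.0)
    ok_blind, _ = process_reply(blind, t1, client_now=t1 + 0.1)

    return ok_honest, off_honest, ok_forged, off_forged, ok_blind


if __name__ == "__main__":
    print(demo())
```

The echoed timestamp gives some protection against blind spoofing, none against anyone on the path, and because the transport is plain UDP the request can also just be dropped, which is why a clock check built on unauthenticated NTP is only a nuisance for an attacker. The remedies are authenticated NTP (a symmetric-key MAC, or NTS per RFC 8915) or not trusting network time for security decisions in the first place.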


I'm guessing of course, but it's entirely possible that they used the ntp.org pool because that's what a quick Google search would tell you to do. Getting a vendor zone requires that you know it exists.


> I'm guessing of course, (...) they used the ntp.org pool because that's what a quick Google search would tell you to do

You're wrong, see my comment above in this very thread, I've already written: they used a third-party library which, when called without any arguments, defaults to a huge number of ntp.org servers. The servers hit and the servers in the library sources match exactly. They used that default, resulting in 30 servers being hit at once from a single app (and the app is probably used by tens of millions of people).


Looks like the library author removed the unsafe default after someone opened an issue several hours ago.


Thanks! The whole thread there is worth reading:

https://github.com/jbenet/ios-ntp/issues/47

The original author writes:

" I wrote this library a long time ago for the iPhone 3GS and earlier. At that time, as best I could tell, the iPhone obtained its time from the phone company and, for me in South-East Michigan, it was not unusual for the iPhone time to be at up to two minutes variance from true time. Since my app was predicting the location of the International Space Station and a two minute error represented about 600 miles, I wrote this library so people wouldn't be staring at the wrong side of the sky!"

"Since then, the world has changed. First, iOS devices use the NTP protocol as a time source -- I stopped using my own library years ago because iPhones were delivering sub-second accurate times natively."

"I've thought for a while that this library had passed its "sell-by" date and was of minimal value; this Snapchat incident (about which I've heard only a little, and that obliquely), makes me want to remove it. I've been involved in network software, on and off, for about forty years and regard myself as a good net citizen."

The defaults up to now were really, really bad. His correction now is to remove the list. But if the users then just use any list, they are doing it wrong again. For effectively all scenarios in practice, just time.apple.com instead of any other list, with a limited number of IP addresses used from there (by default 1), should be enough for iOS apps; even better, they could use their own servers. The Swift library with similar goals, mentioned elsewhere, has that IP-limiting loop; this library probably does not.



