It's a weird problem. Some application running on the device must accept some user event, such as a key press, mouse click or touch event and turn that in to a request for a screenshot. This is true regardless of operating system. I agree that it should always be possible for a physically present user to take a screenshot and save it, but how can the OS really know if its really the user initiating the action and not a malicious application?
Even if you can be sure that the event originated from a real user action, that doesn't tell you that the user did the action with the intention of taking a screenshot. For example, they could have been "clickjacked" into clicking the screenshot button.
It doesn’t need to spoof input, it just needs to be something the user wants to provide input for. That user input can then be trusted, and the malicious app can claim whatever it is doing was at the behest of its user, whether that is true or not.
