Cake day: June 19th, 2023


  • What technical limitations?

    I’d guess it was the small battery in the watch. A lot of features on Apple’s smartwatch cause serious battery life problems unless they can be offloaded to your phone at least most of the day.

    For example, if you have the weather conditions on your watch face… the watch can look up the weather but it generally will ask your phone to do that. Stuff like that is a lot easier if you control the phone operating system and aren’t just running an app.

    … for example if you never launch the weather app on your phone, both Android and iOS will reduce its ability to drain the phone’s battery by running in the background. Apple makes an exception to that rule for weather apps where the user has a widget on an Apple Watch face. How could the Android battery management systems know what widgets are on your Apple Watch?


  • API requests are usually encrypted with SSL and protected against unauthorised use with something along the lines of a JWT: https://jwt.io/

    Breaking through the SSL might be possible if the developer doesn’t pin certificates, but if you don’t know the secret used to generate the HMAC signature (blue section of that website), then you can’t simulate the API request. And the secret shouldn’t be sent over a network connection.

    You could probably access the secret with enough work, but it would be a lot of work. You’d have to do it separately for each app. And the developer can change the secret whenever they want. The developer will change the secret at the slightest hint of anything like this being used with their app. And possibly also take additional steps to keep it from being accessed (e.g. store it in the Trusted Platform Module or equivalent on Android/iPhone). Even the CIA can’t access that - it’s mostly intended for payment processing and protecting data on a stolen phone, but there’s nothing stopping a weather app from using it to prevent unauthorised access to their API (weather data is very expensive, and often billed per API request).

    Running the real app on a real phone though… basically nothing an app developer can do to stop that.