I know this is an old post, but I just noticed it, and it's an interesting topic, so here's my 20c..
Firstly I know very little about Apple stuff specifically, I'm a PC guy and I have never owned an iPhone.
Android vs. iPhone security.
I am quite sure that iPhone security would be 1000000x better than Android. In fact I'm pretty sure that a Commodore-64 would have better security than an Android phone.
Android is open-source, but the project was instigated, supported and guided by Google. Google's #1 business is data-mining, that's where they came from and that's how they make billions. Android is pretty much designed to have all of your personal information fed straight to Google and anybody they want to sell it to - this isn't a secret, read the fine print.
I still use Android phones (they are really cool and handy) I just don't use them to access my personal secure info. Email ... NO, Facebook NO... none of that TYVM.
Philosophically, I think Apple are at least trying to make their stuff reasonably secure. Mainly because apart from their brand appeal, that's pretty much all they have to offer that you can't get from an Android phone for 25% of the cost.So to the core question here:
IS IT POSSIBLE TO MAKE A SECURE PHONE?
The answer is most definitely YES. Apple (or anybody) could make their phones 100% secure ... and release the source code ... and even the people at Apple would still not be able to get into them. The fact that Apple can get into them is simply because they have built in back doors for themselves.
NOTE: I am talking about the device being shut down/sleeping and it being impossible to access without the correct password; if you are accessing some network resource, there is always the chance of that communication being intercepted, although if properly encrypted that should still require compromising one of the devices involved in the transaction (phone/modem/server..)
To make a device secure, you only have to have all the user data saved to encrypted storage then use the user's password to encrypt the full encryption key for that storage device. I've never looked it up, but I assume this is how it is done.
Without going into too much nerdy detail, modern encryption algorithms are secure because of the amount of time it takes to calculate very large prime numbers, which is considerable, so once the encryption key becomes sufficiently large, the amount of time required to reconstruct the key exceeds the age of the known universe... You have a better chance of success getting your cat to type in random passwords for you.There is no getting around this, it is a mathematical fact. Nobody has ever reversed this kind of encryption, it is beyond the knowledge of mankind.
All that stuff on TV where someone finds some encrypted hard drive and some actor pretends to type something on a keyboard, then magically the plans to the death-star appear..... it's all just complete and utter garbage.
All of the hacks and exploits that are used to breach security do it by attacking faults in the hardware/software that is handling secure transactions - i.e. where some machine somewhere already knows what the decryption key is
, that machine is tricked into either decrypting the data for an unauthorised user or supplying the key to them so they can decrypt it themselves.... but actually reverse engineering the key? No sir
. No way. Never happening
.... not without a quantum computer ayway.
There is no need for a local encryption key to ever be transmitted or leave the device. If the encryption process was not in any way deliberately compromised by the manufacturer, or some malicious software installed on the device (keyloggers trojans etc.) there would simply be no possible way that anyone
could ever access it.... unless your cat got REALLY lucky.
Attempts at hacking it would have to involve trying to exploit vulnerabilities in the OS to get it to supply information, but this could ONLY be done when the user had unlocked the phone with their password. If you phone was not compromised, and you switched it off, then the FBI, Apple and Santa-Claus all working together could never get into it.
Even if you assume that people aren't stupid enough to use their kid's birthdays or the name of their goldfish or whatever, social hacking techniques are a real threat. People are more aware these days than in the past, but for serious security the most dangerous types of attack remains someone tricking a user into entering their password under a spycam or into a compromised device and simply recording what they type in etc.
... but anyway .... could they make their phones totally secure? YES
. Have they done this? NO.
Because they themselves can break into their own phones, so if the FBI or whoever do manage to break in, they will do it by hacking the back doors Apple have built in themselves.
... and any manufacturer will always cave in the end and give the FBI what they want – although not before getting a whole lot of security publicity by making a big deal out of it in the media.
KIDDIES CORNER: Want to hack the entire world's security and become a Cyber-GOD? Just develop a fast algorithm for calculating large prime numbers ..... easy right?