Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.
An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.
@aral so instead of hailing a $1200 device as more secure (which by the way, some 25% of the world population cannot afford in a lifetime); we should instead raise awareness of howto better protect yourself; or at least, be more aware what happens with your data - and maybe, not to trust your phone to keep it "safe" for you.
So yeah, maybe for an API, you can create a "thread model"; but with our phones, this is a completely different issue.