Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.
An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.
@aral spoken like a true politician, with a matching, completely unrelated comparison, that's supposed to conclude the argument.
What threads do we (our phones) face? Physical theft; digital theft? Have you ever considered that over 50% of the world population, live under oppressive governments, that have all resources, to access your phone?
Not to mention that most of these tools, find their way online - so even if I can't access your stuff today, I'll likely tomorrow.
@aral so instead of hailing a $1200 device as more secure (which by the way, some 25% of the world population cannot afford in a lifetime); we should instead raise awareness of howto better protect yourself; or at least, be more aware what happens with your data - and maybe, not to trust your phone to keep it "safe" for you.
So yeah, maybe for an API, you can create a "thread model"; but with our phones, this is a completely different issue.
