He said he couldn't find anything on the topic Googling. When anyone does that, the first thing I do is Google exactly what they said. Usually turns up something. Then I point that as if I wonder how much research they actually did. If they otherwise seem alright, I might also give tips on how I get decent results out of search engines.
"About the linked article: out of date (2013, mentions iOS 4.3.3). Very thin on actual information. "
It's what I got out of a quick Google. I was unwilling to spend more time on that angle as my list of risks plus Apple's development practices shows we should consider it untrustworthy by default. I just don't feel like putting too much time into finding the specific evidence NSA might hit a specific version of a product that wasn't secure in its entire history. Also, which came from a company whose products did things like require an admin login on certain services but not check if password matches records: just the existence of a password in submission was enough. Better to spend that time on researching actual security. ;)
"About the linked article: out of date (2013, mentions iOS 4.3.3). Very thin on actual information. "
It's what I got out of a quick Google. I was unwilling to spend more time on that angle as my list of risks plus Apple's development practices shows we should consider it untrustworthy by default. I just don't feel like putting too much time into finding the specific evidence NSA might hit a specific version of a product that wasn't secure in its entire history. Also, which came from a company whose products did things like require an admin login on certain services but not check if password matches records: just the existence of a password in submission was enough. Better to spend that time on researching actual security. ;)