They aren't easily broken - they can be broken by tools which would stop working if the underlying vulnerabilities would get detected and fixed, so the availability (and thus usage) of these tools is quite restricted.
E.g. many law enforcement agencies can break encryption on modern phones by shipping the phone to someone like Cellebrite and paying a hefty fee per device, but they can't do it themselves, and often can't buy the capability to do it themselves (they don't get trusted not to leak the tools somehow and kill the goose that lays the golden eggs, so to say) and thus can't do it on a large scale.
There almost certainly are some intelligence or LE agencies in the world that have such a capability in-house, but it's quite a high bar, and I believe that most countries and most agencies in a decentralized policing environment like the USA don't have such tools available to themselves - they could have the connections to get it done for some specific devices by one of the very few actors who can do it, but that's not what "easily broken" would mean.
To be clear, LE won't get Cellebrite's tools because they don't trust themselves to use the tools properly, but LE demands keys into all companies' systems and claims they can be trusted to use those keys properly?
Law enforcement is not a monolithic entity. Your municipal police department or county sheriff’s office can barely check its email, let alone backdoor a tech company. However, it might be able to get technical assistance from the FBI or a private digital forensics consultancy on an important case.
Clearly the "solution" is for backdoors to be administered by a centralized, "trusted", private, for-profit monopoly! I'm sure VeriSign would be happy to bid on it.