On the other hand, how could they skip this topic in an article about a "privacy" phone?
If find the trustworthy value of a phone is about equal to the privacy leak bounty. If each customer trusts the phone with, say $300 worth of information, then that should be a hell of a big bounty.
So Ars Technica should have talked about "where's the source" and "how much is the bounty".
In all fairness I wouldn't say Ars Technica, good though some of their coverage is, are really the people to determine this.
Especially in an article in which at no point do they ask "where's the source?".