Back doors in Apple's mobile platform for law enforcement, bosses, spies (possibly)

Jonathan Zdziarski's HOPE X talk, Identifying Backdoors, Attack Points, and Surveillance Mechanisms in iOS Devices, suggests that hundreds of millions of Iphone and Ipad devices ship from Apple with intentional back-doors that can be exploited by law enforcement, identity thieves, spies, and employers.

The original paper (paywall), published in Elsevier's Digital Investigation sparked a non-denial denial from Apple, basically admitting that the back-doors were there, but misleadingly suggesting that they were only for enterprise administration.

But as you can see from Zdziarski's slides (PDF), neither this nor other excuses really hold water. The backdoors are actively maintained code that can be accessed over networks, possibly over cellular networks, without developer tools, and even on devices that are not in enterprise mode. The backdoors expose deep and sensitive data that is nominally encrypted and locked, and there are tools and systems in the field that rely on them, including law-enforcement tools for slurping up data from people who've been detained -- a practice the Supreme Court recently held to be illegal.

Additionally, Zdziarski points out that some NSA leaks reference a secret tool called DROPOUTJEEP, for attacking Ios devices; he speculates that this backdoor may be the key to DROPOUTJEEP's functionality.

Questions for Apple:

* Why is there a packet sniffer running on 600 million personal iOS devices instead of moved to the developer mount?

* Why are there undocumented services that bypass user backup encryption that dump mass amounts of personal data from the phone?

* Why is most of my user data still not encrypted with the PIN or passphrase, enabling the invasion of my personal privacy by YOU?

* Why is there still no mechanism to review the devices my iPhone is paired with, so I can delete ones that don’t belong?