Okay, point me to a single white paper or certification that can demonstrably, reliably differentiate between
products that can protect against state-sponsored attackers and products that can not, and show any Apple product that has been verified against that standard to protect against state-sponsored attackers.
I will start by pointing out such a standard, the Common Criteria, which can reliably reject systems that can not protect against state-sponsored attackers as systems such as Windows have never been able to achieve even protection against moderately skilled attackers, which is a fair assessment. Under that standard, which iOS and all other Apple products are already certified to, Apple has never once been able to achieve protection against moderately skilled attackers let alone highly skilled attackers. In fact, that very same standard declares from empirical evidence gathered over decades that it is infeasible to retrofit a system that can not protect against moderately skilled attackers to ever become able to protect against moderately skilled attackers or above.
For reference, one way of demonstrating protection against highly skilled attackers according to the Common Criteria is to subject the systems to a penetration test by the NSA with full access to source code with successful penetration constituting a failure. That is a reference point for what protecting against a state-sponsored actor looks like according to the standard.
I will start by pointing out such a standard, the Common Criteria, which can reliably reject systems that can not protect against state-sponsored attackers as systems such as Windows have never been able to achieve even protection against moderately skilled attackers, which is a fair assessment. Under that standard, which iOS and all other Apple products are already certified to, Apple has never once been able to achieve protection against moderately skilled attackers let alone highly skilled attackers. In fact, that very same standard declares from empirical evidence gathered over decades that it is infeasible to retrofit a system that can not protect against moderately skilled attackers to ever become able to protect against moderately skilled attackers or above.
For reference, one way of demonstrating protection against highly skilled attackers according to the Common Criteria is to subject the systems to a penetration test by the NSA with full access to source code with successful penetration constituting a failure. That is a reference point for what protecting against a state-sponsored actor looks like according to the standard.