GP is actually making a factual statement not just waving his hands around. Data at rest encryption doesn't matter if one can gain execution control with supervisor level privileges (or control another processor or part of the process which does.) This is why security is hard. These aren't NSA level attacks, they're what are used for the jailbreaks that come out for every version. It's a good idea to ask questions before getting fired up if it isn't your area of expertise.
Well, I disagree with his factual statement and I tried stating the reasons why.
I have my Android encrypted and I do feel safer, because I've got my 2-factor auth generator on it and now at the very least I feel safe about losing it. So why are we talking about a false sense of security, when an encrypted phone is factually more secure than one that isn't?
