In my opinion, if they want a few shortcuts and hints they need to first talk to the wireless switch engineers and ask them if they've directly received any gag orders from the feds, or indirectly threats from their management. Back in the 90's, we used to update the firmware over the air. We could rewrite anything anywhere on the phone. Officially we did not do this, not because of any secrets or conspiracy... The fear was that if customers found out we could do this, it would be a support nightmare and not cost sustainable. We made the business decision to not update the phones over the air to avoid the risk of bricking any of them. This was only done for really bad firmware bugs and only to specific phones. As a result the phones would become out of date and people would eventually buy new ones. The reason I mention this is that if you can rewrite the firmware and reboot the phone, then you can intercept anything related to encryption, keys, passwords, etc... I have no idea what capabilities are in place now, but I would be very surprised if they regressed from what we could do in the 90's.
There are rumors of recent-model iPhones receiving "carrier setting" updates not documented on the carrier's website (they should be), occasionally followed by instability (crash, refusal to boot, refusal to reboot on battery power alone).
This was the case for every phone prior to the iPhone and is certainly the case for Android, as past bugs were patched by some wireless carriers and not by others. Getting an answer to this may prove difficult, as Apple are very litigious and people know this. If engineers received a gag order, I suspect they probably won't risk violating it.
