by justhere4beer 3889 days ago
Hard to take your article seriously with statements such as "...Levels 1 and 2 of the FIPS140-2 certification are just a marketing gimmick". Even harder to believe Jakob took the time to respond.
2 comments

Hexview provided their reason for believing that. Care to explain why you think otherwise?
Original quote:

>That is not a big deal, considering that Levels 1 and 2 of the FIPS140-2 certification are just a marketing gimmick for most electronic devices.

They have a point here: technically, the iPhone is FIPS140-1/2 compliant. By itself, that doesn't mean that the device is secure. It does show two important requirements for security.

FIPS isn't trivial. There is a lot of shit crypto on the market; establishing FIPS is not banal. Regardless of FIPS, if not utilized properly, it protects nothing. If utilized correctly, it protects what it needs to. Discounting it shows a lack of understanding.
A little education goes a long way: http://csrc.nist.gov/groups/STM/cmvp/
They state they believe the device fulfils these requirements, it just isn't certified. And for many customers, it doesn't matter if it actually has the piece of paper to prove it or not.