The superuser on iOS is Apple. Apple can do whatever they want, to any iPhone, whenever they want.
Final, ultimate control must always be vested somewhere. Your argument is that it's "more secure" for it to be in the hands of a profit-seeking corporation than in the hands that are holding the device.
>Your argument is that it's "more secure" for it to be in the hands of a profit-seeking corporation than in the hands that are holding the device.
Yes. The identity a company like Apple is known and trusted. The person holding a device is not a known identity. This is unrelated to not having sudo though. Take for example the ping command. There is no reason why the user must have access to an account that has ultimate control over the device to use ping. ping should be possible to be used by a normal user. This could be implemented with a ping daemon that run with a dedicated user that has the capability to use raw sockets, and then normal users have a ping client that talks to such daemon. You can come up with everything someone would need root for and define a more secure way to offer that functionality to the user.
Final, ultimate control must always be vested somewhere. Your argument is that it's "more secure" for it to be in the hands of a profit-seeking corporation than in the hands that are holding the device.