If we compare Android and iOS security, we see that Google has copied Apple’s approach quite extensively, so that only two important differences remain:
-
iOS uses the 256bit version of AES, while Android uses the 128bit version
In theory this is not such a large difference, because the key schedule for 256bit is not especially good, but 2^65 bits are still 4 million terabytes working memory for the shortcut.
-
iOS has a unique device AES key fused into the hardware.
It prevents people from easily using a specialized computer for cracking, and you can only check one key every 80ms on device. You could extract the device key by checking with an electron microscope, but this is very expensive, error prone, and destroys the chip. Or you can still brute force it, but then you will search for a random 256bit key. 2^128 operations would need 10^19 years on a parallel cracker doing 1000 GigaOps per second.
This means that in practice iOS is much more secure than Android, because almost all passwords have much lower entropy than 128 bits; a password consisting of random letters and numbers would need to be 25 characters long to achieve it.