Yes, that was exactly my point. People keep repeating the iOS security being fundamentally better marketing mantra but it has been ordinary although the closed system helps it somewhat and they did seem to get the fingerprint security right. And I was referring to Android's permissions model when I said no you can't bypass it.
You may think it's "marketing mantra" if you're unaware of the technical differences. But compare, say, Apple's Secure Enclave with Host Card Emulation. Apple's design is just more secure. http://www.tomshardware.com/news/host-card-emulation-secure-...
I certainly don't understand characterizing iOS's security model as "ordinary." For example, it encrypts using a separate coprocessor running an entirely separate OS, that is protected against even an iOS kernel exploit. That's definitely not an ordinary design!
