"Just after Apple’s announcement, Zdziarski confirmed with his own forensics software that he was still able to pull from a device running iOS 8 practically all of its third-party application data—that means sensitive content from Twitter, Facebook, Instagram, web browsers, and more—as well as photos and video. The attack he used impersonates a trusted computer to which a user has previously connected the phone; it takes advantage of the same mechanisms that allow users to siphon data off a device with programs like iTunes and iPhoto without entering the gadget’s passcode.
“I can do it. I’m sure the guys in suits in the governments can do it,” says Zdziarski, who has trained law enforcement in iOS forensic techniques in the past. “And I’m sure that there are at least three or four commercial tools that can still do this, too.” Zdziarski said he has yet to test those commercial forensics tools to know which ones might still be capable of the data-siphoning trick, but he speculated that software from the firms Cellebrite and Oxygen were likely candidates.
The data siphoning trick has important limitations: it requires a “pairing record,” a unique key that can only be found on a computer with which the target device has shared data in the past. That means cops, intelligence agents, or hackers hoping to use the technique would have to either plant malware on a user’s machine to access the pairing record or simply grab the target’s computer along with his or her mobile device. The targeted user would also have to have unlocked his or her iOS device since last turning it on—freshly restarted devices aren’t vulnerable to the attack, Zdziarski says. Even using the siphoning trick, aside from photos, none of the data that Zdziarski managed to retrieve contradicts Apple’s new promises of protection. He couldn’t access emails, call records or other native iOS applications.
so don't be naive and don't believe what the marketing guys are saying
the only way to keep the data on your phone private is NOT to log your phone to the internet and surely NOT to your computer or any other hardware
and if you don't accept 'updates' from the internet than you have surely blocked the phone
but in the UK you can also be condemned only because you refuse to give the pincode or access to your phone during an investigation..... (expect this here to arrive)