If reported security issues have been ongoing for six months, a year, or longer, or potentially for over a decade as reported in this case, and presumably with multiple discussions with Apple and/or various postings with suggestions here or in other forums, or with other device or security or support providers or vendors, then the reported security issues — whatever those might be here — will not be resolved here, not by us.
Why won’t this get resolved here? There won’t be new or different suggestions offered here. Nothing new here that you have not already learned about, considered, and discarded or implemented as appropriate. We also don’t have access to your data and devices, and do not know your risks and exposures and the rest of your context, and posting that information here would be somewhere between inappropriate and inadvisable.
As for what has been posted in this thread, nothing here indicates any security issues.
Whether there are cellular issues with that SOS, either with the phone or the carrier or iOS?
The use of GPT text for technical analysis resource is ill-advised. GPTs are statistical tools that guess the next word based upon the previous words and big corpora of words. They’re statistical word salad, not wisdom.
Can ML be used to detect patterns of a breach? Sure, but you’ll need to train the ML with corpora of breached and unbreached devices. Those ML corpora are not going to be widely available. Data from Reddit chatter, sure.
Scanning telemetry data or scanning random JSON files is also searching for needles in haystacks, with an ever-increasing number of haystacks, without knowing what the needles might look like, or if there are any needles. And where various malware can simply delete the telemetry data. Can you potentially find evidence by examining telemetry data or at random JSON? Sure. Is it likely? Nope. Not without knowing what to look for, where and when to look, and all that also changes. Which means re-training the MLs, too. And means automated tooling to scan the massive amount of data involved.
As for the trust store, that’s protected the same as the rest of iOS, iPadOS, and macOS, and a breach there would mean the entire install is also breached. Here is an in-progress intro to that topic: Certificate Trust Store on iPhone, iPad, … - Apple Community
What to do? You’ll want and need to try a different approach. Whether that is learning about or contracting for formal data forensics, or learning about security implementations and exploitation, or consulting with specialists? Evidence-free threads are not going to advance your case toward the resolution you seek.
And more generally, the number of folks that want free forensics vastly exceeds the numbers and available time of those free forensics providers. Which means you’ll need to better characterize why your particular case is worth investigating.
