The Apple iPhone has strong internal security that is hard to bypass, and iOS 8 encrypts data by default. Google has also followed suit with stronger protections for Android, much to the chagrin of government agencies, which are unable to hack into the phones directly to retrieve information. Apple and Google are also refusing to decrypt the data for anyone, so phone security is locked up pretty tight.
Where there is a will there is a way. According to Der Spiegel, the publication with access to Edward Snowdens documents, the British Secret Service had figured out how to track iPhone users when they connect their phone to a computer. Once the phone is connected to an infected computer the agency analyzes the downloaded data. This eliminates the need to directly hack the phone, thus proving to be a working model for circumventing encryption and security features on the phone itself.
The British Secret Service also tracked internet usage on the device through a vulnerability in Safari and Google's Admob advertising service. The UDID, a device identifier number, is exposed through the tactic, and then the user can be tracked online. These methods were used by the agency in 2010, and likely the loophole has since been closed. However, variants of the same method may still be in use that are successful.
This highlights another effective way that ingenious spy agencies can circumvent even the strongest protections by thinking outside of the box.