Currently they aren't even trying
As explained so many times, if you have a budget (i.e. $100k) you can get around any of those mobile phone "security" measures.
Here is a public talk about the capabilities of the Dutch agencies from 2013. You will notice that this includes a FIB with which you can easily rewire any kind of security chip internally to keep it from storing a "usage" counter. Or alternatively to read out the encrypted key and the algorithm, and just do a bruteforce attack. (which is trivial if you have a numeric password)
https://www.youtube.com/watch?v=AVGlr5fleQA
Here's a talk giving an overview on how that can be done:
https://media.ccc.de/v/30C3_-_5417_-_en_-_saal_6_-_201312281245_-_extracting_keys_from_fpgas_otp_tokens_and_door_locks_-_david
Some of the most secure crypto devices on a budget are Pay-TV cards, and if you watch the Panorama documentary, you will find that different companies have been able to circumvent those measures several times in the past. The documentary is called "Murdoch's TV Pirates"
Logically to encrypt data stored on a device you need a secret. That secret has to be entered at least every time you boot, so it either has to be stored on the device, or derived from some stored information and some passcode. On a device without a keyboard, such a passcode cannot be particularly long and usually only numeric.
So if the industry actually wanted to provide a slightly more secure device, they'd offer it in 2 parts. One is the mobile part, which you carry around with you, but is essentially a terminal, the other one would be a device you can have at a physically safe space where you store all the data on and execute the actual code. Authentication would work via public keys (think of ssh) and the server would automatically remove the authorized key for the device if something is fishy, or after some time.
That way, if your mobile device gets stolen, you can simply remove that key, and the new user won't be able to get any of that data, no matter what they do.
I personally think that the "but we need to catch criminals" thing is rather stupid. Police did catch criminals before they were carrying around lists of contacts with them. In fact, people used to remember phone numbers and addresses inside of their head.