Bad if they are.
A device using a 4-digit PIN to "secure" any kind of crypto key? Not unless there's something else protecting stuff. Androids have got FIPS 140-2 according to this article, I'd think that those handsets are closer to certification.
I wouldn't bet on an iPhone as a secure device. If I were the US Government, I'd use the Sectera Edge instead; they developed a truly secure smartphone. This already came to light when Obama got elected.