Both of my daughters (one teenager, one adult) have asked for flip phones because of all the hacking that has been happening to “Smart” phones. They decided they do not need or want the possible “unwanted” exploitation of anything they decide to take a picture of.
That hacking did not happen to iPhones. . . the iCloud "hack" turned out to be a hoax by a guy who wanted to sell his collection of celebrity photos collected over a number of years by a group of perverts who have a joint hobby of tricking celebrities into giving up their data. Some did come from the iCloud, but they were compromised because of weak choices of security questions and answer that for a celebrity could easily be learned from fanzine biographies.
The "hackers" went to Apple's "forgot my password," and then selected to answer the security questions to be able to change the password, and answered the security questions with the answers they learned from the fanzine bios and simply changed the celebrity's password. . . and they were in!
That is not a hack. It is social engineering combined with celebrity stupidity. Choosing a security question such as "What is your Mother's maiden name?" when you are a celebrity is beyond stupid, especially when you just got interviewed by E! and told the world your mother was named "Pauline Gumm" when she was a little girl! That may be a good security question if you are John Q. Public, but not for a celebrity.
Many of the photos that were "stolen" actually came from PC computers and Android devices. . . the Meta data on the photos proved that. . . and came from many years earlier and would not have been uploaded to Apple storage. Some actually were publicity stills from movies.
In fact, the photos were on Reddit and another site and being offered for sale for TWO WEEKS before iBrutethe supposed iCloud brute force password script the guy trying to sell the photos claimed he used to break into the iCloud accounts and steal the photos from the celebrities' accounts from iCloudwas even released. Apple announced that no one ever even attempted to use iBrute before they closed the vulnerability. . . and that no passwords were compromised. The only way anyone got in was by changing passwords.
Data on iOS devices are 256 bit AES encrypted. . . and that is a very high level of encryption. In addition, once the data is uploaded to iCloud as encrypted data, it is anonymized, split in four pieces, mixed with other users data, and AGAIN encrypted to an additional 256 bit AES level on top of the already encryption. Apple itself cannot decrypt your daughters' data. Only they can retrieve it using their passcodes through their devices. Your daughters fell for the FUD that was being spread. Of course, that was what was intended.