Somewhat misleading article.
Here's the reality: a relatively new (~2 years or less) android or iPhone can not be cracked by the tools except via pin brute forcing or via the "services" - basically the companies using 0-days and cracks. And while $1950 isn't a lot for some people - it is a lot for a police department to spend and generally won't be done unless there is a strong need.
Secondly, the report doesn't mention how often the subjects give up their pin. A lot of people will when asked.
For a person who has installed 2FA and also enabled the full security features on the phone, security is going to be good.
To be clear: there is no way to protect anything electronic from an attacker with time and money. The phones can be disassembled and their SSD memories copied - at which point all you need is to know the software architecture and you can run parallel attacks on the cloud against virtual copies.