The NSA can turn on the mic or the camera. It doesn’t matter if the data is on their device, another server, or in the cloud! They can get to it no matter what.
That’s not true for the iPhone and the iPad, which is not jailbroken. I’m sure it’s true for the others that run other systems.
The iOS which is not jailbroken has never been shown to be compromised. One can’t install malware (or any software) remotely. And if it is not jailbroken, software cannot be loaded from the web or some malware site, even if you tried to do it.
The only place that software can be loaded onto the device is the one and only place of - the Apple App Store. And there ... they don’t even allow “spyware” that “you” may even want on your device. It’s simply not allowed in the store. All the software there is screened before allowing on the store. If something were to get by and someone reports it as spyware, afterwards, it would be pulled immediately.
The key here is NEVER JAILBREAK your iOS device, because then you defeat the security measures.