I'm also concerned about updates. For instance, I'm currrently having to route all my iPad web traffic via Charles proxy to remove any instances of style="overflow:hidden;" in a body tag are cleared out.
Why? Because in iOS 9.2 Apple released it with a bug that causes the viewport to zoom incorrectly on these web pages. This affects LibreOffice's OpenGrok, which I browsed regularly on my iPad.
They still haven't fixed this, and it's a major regression. iOS updates are few and infrequent. Consequently I'm seriously questioning what their updates actually do to my iPad and iPhone.
I wouldn't hold my breath. The iOS Mail app can not negotiate any TLS version above 1.0 (for IMAP, possibly SMTP too) even though it obviously supports TLS 1.2 because it sends a TLS version of 1.0 in the ClientHello message even though that same message will contain TLS 1.2 ciphers (AES-GCM).
I reported it in October and Apple's security team replied they're aware of it but it's still not fixed 2 releases later even though they probably need to fix like 1 line of code (the advertised version flag).
Why? Because in iOS 9.2 Apple released it with a bug that causes the viewport to zoom incorrectly on these web pages. This affects LibreOffice's OpenGrok, which I browsed regularly on my iPad.
They still haven't fixed this, and it's a major regression. iOS updates are few and infrequent. Consequently I'm seriously questioning what their updates actually do to my iPad and iPhone.