SAN FRANCISCO — After a third party went to the F.B.I. with claims of being able to unlock an iPhone, many in the security industry said they were not surprised that the third party did not go to Apple.

For all the steps Apple has taken to encrypt customers’ communications and its rhetoric around customer privacy, security experts said the company was still doing less than many competitors to seal up its systems from hackers. And when hackers do find flaws in Apple’s code, they have little incentive to turn them over to the company for fixing.

Google, Microsoft, Facebook, Twitter, Mozilla and many other tech companies all pay outside hackers who turn over bugs in their products and systems. Uber began a new bug bounty program on Tuesday. Google has paid outside hackers more than $6 million since it announced a bug bounty program in 2010, and the company last week doubled its top reward to $100,000 for anyone who can break into its Chromebook.

Apple, which has had relatively strong security over the years, has been open about how security is a never-ending cat-and-mouse game and how it is unwilling to engage in a financial arms race to pay for code exploits.