
> I don't have to worry about what my grandma downloaded from the internet for her iPhone

Yet you're ironically responding about an article telling how to find if your iPhone has been infected with Pegasus, one of the worst, most obtrusive security vulnerabilities you can have, period.




Do you think nation states who spent a fortune on Pegasus are going after my grandmother?

I think you're missing the big picture for most normal people.


Since the law doesn't protect citizens from illegal surveillance, no matter if that is your grandma or not, this kind of security is extremely important.


What do you mean by “this kind of security”?

Of course this is a big deal. But I think people are sort of missing the point. Nation States will always find a way in. There’s really no kind of security that stops a persistent well resourced threat.

If you think android/<insert OS> is immune to an advanced persistent threat, you're wrong.

Apple will fix these vulnerabilities, and then these professional hackers will get back to work on finding a new way in. The goal isn't 100% impenetrable security--that's impossible. The goal is really imposing a high enough cost so that as few as possible are capable of getting in.

There is not a rampant security problem on iOS. But there are still vulnerabilities for those with the resources to find them. That's only surprising to people that don't follow the security world.


States probably have dragnet surveillance and devices like iPhones make this far easier than it should be.

> If you think android/<insert OS> is immune to an advanced persistent threat, you're wrong.

Some of these devices are probably even more vulnerable. But the heterogeneity of systems is what provides practical security and systems like iOS are the opposite of that. Through this uniform software environment you create the juicy target in the first place.

Also anything in the Apple cloud is highly vulnerable to state actors anyway. Not only in the Apple cloud of course.


> But the heterogeneity of systems is what provides practical security and systems like iOS are the opposite of that.

This may be the first time someone tried to argue the fragmented nature of Android makes it more secure.

It is true that iOS, being as uniform as it is, can present a plum target. The difference is that this also means that with one fell swoop Apple can mitigate vulnerabilities for a billion devices--and they do.

One of the primary reasons to buy an iPhone is Apple's commitment to update support for many, many years. All phones will have vulnerabilities. That is inevitable. The most important part is manufacturer commitment to promptly fixing them when they're found.

> States probably have dragnet surveillance and devices like iPhones make this far easier than it should be.

The cost of these exploits makes it unlikely that it's truly dragnet. You don't want to risk burning your expensive exploit by going after literally everything. The wider you cast the net, the more likely you are to be found, your exploit patched, your infrastructure compromised. Again, platform security is not about being impenetrable--it's about imposing costs high enough to limit the number of players and the corresponding damage.


Android isn't the alternative draft to iOS, it is similar in significant properties. Alternatives would be relatively open PC systems for example. That diversity grows with more uncommon operating systems, which are currently endangered by MS secure boot btw, which would put PC in the same boat as mobile systems.

This isn't about favorites, I own Apple devices myself, although only MacOS and I don't expose my ID to Apple. Doing so is a major risk for the case your OS gets compromised.

As with Windows PCs in the past, you become a target with popularity.

With dragnet surveillance I mean that state actors scoop up every source they can get their hands on. It doesn't need justification because they already moved the goalpost to wanting to access encrypted information. Also the other sources aren't even questioned anymore.


Worse yet, you can't actually scan your phone without jailbreaking it. Without knocking down the financial wall, your phone is insecure.


still missing the point


Nope, the point is that the security is not only not real (tfa) but it's actually worse since you need to root to detect it.


But that point is wrong. All security is layers, nothing is bulletproof.



