An extension to the link [1] above is: the price NSO pays for android zero click is higher than the price they pay foriPhone zero click exploits. This implies they do indeed a catalog of iOS exploits stashed.
I've heard a few people theorize about why Android exploits seem to pay more. The theory is that Android is 1) very fragmented, with each manufacturer having different versions and modifications and 2) updates are much slower/non existent.
To get the top payout, you'd need to come up with something that works across all manufacturers versions of Android and probably across 4 or 5 major versions. You might be able to find an exploit for all Androids running version x, but if that version only has 10% of the android market, you wouldn't get a full payout.
iOS users tend to heavily be on the latest version, or one version behind at most. As an example, most recent iOS exploits in the wild seem to be using iMessages. On iOS, you can focus your efforts at one thing. On Android? Your surface area is much smaller because each manufacturer is going to be shipping their own messenger app, for example.
Looks like there's finally a benefit to Android OS being such a clusterfuck with some many versions being currently active on a significant portion of devices. Not updating quickly increases the number of versions floating around.
The link is about Zerodium, not NSO. Also, 2.5M $ vs 2M $ is not a meaningful difference, neither presents a meaningful road bump to competent attackers. But your point that it indicates a robust stash is fair. They 100% do.
Note that the article is from 2019. The iOS 14 made significant changes to the way messages are processed by adding sandboxing and isolation. Here's a post by Project Zero evaluating the improvements: https://googleprojectzero.blogspot.com/2021/01/a-look-at-ime...
It doesn't really imply anything because iPhone's global market share is less than 30% with customers concentrated in North America and China, both danger zones for NSO operations. Android exploits might also take far longer to patch across all vendors and users might take longer to update compared to iOS.
It's fairly probable that iPhone exploits are just less valuable to a shady intel operation that sells mostly to small authoritarian regimes.
Your comment is not considering that these governments are more likely to target politicians and journalists which are more likely to use iPhone regardless of where they are located. I don’t know if the implication that iPhone is less secure holds but it’s likely.
> Your comment is not considering that these governments are more likely to target politicians and journalists which are more likely to use iPhone regardless of where they are located.
Are you sure that's true? In my experience governments often choose Android because they prefer the platform's organization-wide device management options over iOS. Many dissidents/journalists choose Android because it's easily rootable, giving them more privacy and control (I have a very small sample of the latter, however)
You could use Apple’s lockdown mode. It’s unmatched on Android.
Google and Samsung warn you about enabling root.
Samsung:
Is rooting your smartphone a security risk?
Rooting disables some of the built-in security features of the operating system, and those security features are part of what keeps the operating system safe and your data secure from exposure or corruption. Since today’s smartphones operate in an environment filled with threats from attackers, buggy or malicious applications, as well as occasional accidental missteps by trusted users, anything that reduces the internal controls in the Android operating system represents a higher risk.
Security risks with modified (rooted) Android versions
Google provides device security protections to people around the world using the Android operating system. If you installed a modified (rooted) version of Android on your device, you lose some of the security protection provided by Google.
Important: If your account is enrolled in the Advanced Protection Program, don’t use that account on a device with a modified version of Android. Modified versions of Android can undermine Advanced Protection’s increased security features.
I have great respect for the iOS security model. Seriously a marvel and best-in-class accomplishment.
But this is flatly not true. If you really care, you have Graphene et al, and even without that stock Android has plenty of well-tested features that enable you to lock down the device further than at stock. And rooting as a pathway to undermine security is a well understood aspect of the threat model
