
Because that is what they advertised they would do [1].

“Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture.

I mean, we know nobody on their team actually believes Lockdown Mode can protect against state-funded actors with even a tiny $10M budget, since their Lockdown Mode total-bypass bug bounty is only $2M.

But they did say it in their marketing, so they should be held to it even if we know for a fact that they are totally incapable of doing so. This is not a question of money, it is a question of ability, and we know they do not have that.

[1] https://www.apple.com/newsroom/2022/07/apple-expands-commitm...



Wait, the reward for completely bypassing the most hardcore security measures in the most important device of the most valuable company in the world, worth over 3 trillion, is a mere 2 million?

That's not an honest proposition by its very definition; just look at the asymmetry of those numbers. A serious offer would add at least 2 zeroes to that.


It is actually reasonably fair; it only costs around $1-2M to find one. You expect Apple to pay $100M for $1M of work?

The real question is why Apple is allowed to lie about providing meaningful protection against state actors when they think it only costs $2M to break it. In no universe is 1/5 the cost of a tank even a road bump for a state actor.

The other question is why is their security so terrible. The short answer is that they demonstrably know nothing about security since this is the most they have been able to do after decades of work, billions of dollars, and repeated promises of meaningful security. When somebody spends billions of dollars and decades failing to achieve even 1/10th of what they promised, you should take any new statements as extraordinary claims and demand extraordinary evidence.


> The real question is why is Apple allowed to lie about providing meaningful protection against state actors

It's not like anyone has been doing any better. Mobile phones are embedded devices targeted at everyday consumers, basically toys. They've never been engineered for anything like meaningful security against even mildly sophisticated attacks. The industry simply doesn't care about this; e.g. most phone SoCs are still not protected against misbehavior by any of the included devices, each of which is running some unknown proprietary firmware. That's just par for the course in the embedded ecosystem.


Why does the quality of any other product matter here?

Apple marketing claims it provides meaningful protection against state actors. Apple engineering says it does not. Even if nobody can do it, even if Apple is closer than anybody else, that does not excuse lying to people who are betting their lives on Apple’s representations that it works.

Apple cannot protect against state actors. Apple knows that. If you are at risk, the only safe thing to do is avoid Apple (and all other smartphones). Apple knows that. They lie and insinuate that an iPhone is fit for this task so they can sell a few more iPhones, caring not a single bit for the lives at risk. That is grossly unethical. Yet it is par for the course in “cybersecurity”. That does not make it acceptable; it just means everything is rotten.


> Apple makes the most secure mobile devices on the market.

Well, they're not wrong on that one point. As it turns out, "most secure" is a pretty low bar. We'll see how Purism's Freedom Phone fares once it reaches genuine daily-driver status and it too becomes a target for this class of attacks.


Being open source doesn't mean immune to vulnerabilities. (and Purism's stuff will likely never be 100% open source due to regulatory complications with basebands)

Niche software often fares very poorly in terms of security because few people are trying to exploit it.


PureOS is decades behind in security compared to Android or iOS.


PureOS with Flatpak, Wayland and such make it close.


Not really. Even with modern technologies, the Linux desktop technology stack is very, very far behind when it comes to security.

The Linux kernel itself is a very weak foundation security-wise, the only way Android and ChromeOS get away with it is by using a very small feature set and restricting everything else as much as possible with seccomp, SELinux and heavy sandboxing.

The Linux desktop userland doesn't have meaningful hardening features compared to other platforms (even Windows is ahead, sadly). For example, practically all distros use glibc's memory allocator which has both poor performance and security [1] and their toolchain is based on gcc, with no support for modern compiler security features such as CFI (with the sole exception of Chimera Linux). Not to mention the permission model is completely outdated, like in that xkcd comic. Flatpak only mitigates this partially, because the Flatpak sandbox is very weak. The people working on Flatpak are doing their best, but from reading some GitHub issues, it's clear they are badly overworked and not security experts. The person responsible for Flatpak's seccomp sandbox has said it isn't even his main responsibility and he doesn't have much knowledge about seccomp and is learning along the way [2]. The Flatpak seccomp filter is based on a denylist rather than an allowlist, and many dangerous syscalls can't be blocked because applications rely on them (e.g. Firefox needs ptrace for the crash reporter). You also have to be very careful and use Flatseal (which is not officially supported) to deny permissions such as /home filesystem access, because it lets Flatpak apps override their own permissions by design [3]. And dangerous kernel components like io_uring are exposed [4], while Google disables them on their systems because of their exploitation potential.

Here is a more detailed article examining the lack of security of Linux phones in case you're interested: https://madaidans-insecurities.github.io/linux-phones.html

If you want a FOSS-based secure phone, GrapheneOS is the best option.

[1] Check this comment by GrapheneOS founder for some technical details and how it compares to hardened allocators such as Android's Scudo or Graphene's hardened_malloc: https://github.com/NixOS/nixpkgs/issues/90147#issuecomment-6...

[2] https://github.com/flatpak/flatpak/issues/4466#issuecomment-...

[3] https://github.com/flatpak/flatpak/issues/3637

[4] https://github.com/flatpak/flatpak/issues/5447
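The comment above recommends auditing a Flatpak's permissions yourself rather than trusting the defaults. As an added example (not from the thread or from the Flatpak project), here is a small audit of the INI-style output that `flatpak info --show-permissions <app>` prints; the sample output is constructed, and the mapping of which grants count as sandbox-weakening is this example's own assumption.

```python
"""Flag sandbox-weakening grants in a Flatpak app's static permissions.

Input is the INI-style text printed by `flatpak info --show-permissions`
(format assumed here). Flagged entries can be revoked per app with e.g.
`flatpak override --user --nofilesystem=home <app>`.
"""
import configparser

# Assumed risk mapping: values of each [Context] key that reach outside
# the sandbox (whole home dir, host FS, all devices, unisolated X11, raw buses).
RISKY = {
    "filesystems": {"home", "host", "host-os", "host-etc"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
    "features": {"devel"},
}
# Session-bus names whose "talk"/"own" access lets an app escape the sandbox.
RISKY_BUS_NAMES = {"org.freedesktop.Flatpak", "org.freedesktop.systemd1"}

# Constructed sample, shaped like `flatpak info --show-permissions` output.
SAMPLE = """[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;home:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
org.freedesktop.Notifications=talk
"""

def parse_permissions(text: str) -> dict[str, dict[str, list[str]]]:
    """Parse the permission dump into {section: {key: [values]}}."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep key case (D-Bus names are case-sensitive)
    cp.read_string(text)
    return {s: {k: [v for v in vals.split(";") if v] for k, vals in cp[s].items()}
            for s in cp.sections()}

def risky_permissions(text: str) -> list[str]:
    """Return 'key=value' strings for grants worth reviewing or revoking."""
    perms = parse_permissions(text)
    found = []
    for key, values in perms.get("Context", {}).items():
        for v in values:
            # "home:ro" is still the whole home directory; strip the :ro/:rw suffix.
            if v.split(":")[0] in RISKY.get(key, set()):
                found.append(f"{key}={v}")
    for name, access in perms.get("Session Bus Policy", {}).items():
        if name in RISKY_BUS_NAMES and ({"talk", "own"} & set(access)):
            found.append(f"talk-name={name}")
    return found
```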



