An explosive spyware report shows the limitations of iOS security


In fact, Amnesty International researchers stated that, compared to devices running native Android, it is actually easier for them to find and investigate indicators of intrusion on Apple devices targeted with Pegasus malware.

“According to the experience of Amnesty International, investigators obtained significantly more forensic traces on Apple iOS devices than on stock Android devices, so our approach focuses on the former,” the organization wrote in a lengthy technical analysis of its findings on Pegasus. “Therefore, the recently confirmed cases of Pegasus infection all involve the iPhone.”

Some of the concern for Apple also stems from the company’s own emphasis on privacy and security in product design and marketing.

“Apple is trying, but the problem is that they are not working as hard as their reputation implies,” said Johns Hopkins University cryptographer Matthew Green.

However, even with a more open approach, Google faces similar criticisms about the visibility security researchers have into its mobile operating system.

“Android and iOS have different types of logs. It is difficult to compare them,” said Zuk Avraham, CEO of ZecOps Analytics Group and a long-time advocate of mobile system information access. “Each has an advantage, but they are equally inadequate and enable threat actors to hide.”

However, neither Apple nor Google seems willing to reveal more about how the digital forensic sausage is made. Although most independent security researchers support this shift, some also admit that increasing access to system telemetry will also help bad actors.

A Google spokesperson said in a statement to Wired: “Although we know that persistent logs are more helpful for forensic purposes, such as those described by Amnesty International researchers, they can also be useful to attackers. We are constantly balancing these different needs.”

Ivan Krstić, Apple’s head of security engineering and architecture, said in a statement, “Apple clearly condemns cyber attacks against journalists, human rights activists, and others seeking to make the world a better place. For more than a decade, Apple’s security innovations have been in a leading position in the industry. Therefore, security researchers agree that the iPhone is the safest and most secure consumer mobile device on the market. Attacks as described are very complex, cost millions of dollars in development, usually have a short shelf life, and are used to target specific individuals. Although this means that they will not pose a threat to the vast majority of our users, we will continue to work tirelessly to protect all customers and continue to add new protections to their devices and data.”

The trick is to strike the right balance: providing more system indicators without inadvertently making the attacker’s job easier. “Apple can do a lot of things in a very safe way to allow observation and imaging of iOS devices to detect such bad behavior, but this does not seem to be considered a priority,” said iOS security researcher Will Strafach. “I believe they have a reasonable policy reason for this, but I disagree with this point and hope to see this thinking change.”

Thomas Reed, head of Mac and mobile platforms at antivirus manufacturer Malwarebytes, said he agrees that more visibility into iOS would benefit users’ defenses. But he added that allowing the use of special, trusted monitoring software would bring real risks. He pointed out that there are already suspicious and potentially harmful programs on macOS that cannot be completely deleted by antivirus software, because the operating system gives them this special type of system trust, possibly by mistake. The same problem with rogue system analysis tools will almost inevitably appear on iOS.


