
Can you point to a single instance of a cellphone vendor who takes security more seriously than Apple?

Put a different way, is there any device with a high monthly active user count that has a higher cost to purchase a black market exploit than the iPhone?

Apple can always do better. It should also scare the living hell out of us that they’re currently the best in the world.

My point is that if Apple can’t secure your phones, who can? It’s enough to make one think about security through obscurity.



> Put a different way, is there any device with a high monthly active user count that has a higher cost to purchase a black market exploit than the iPhone?

I'm going to answer about operating system rather than device.

The selling price of an Android full chain with persistence zero click is up to $2.5 million. The selling price of an iOS full chain with persistence zero click is up to $2 million.

https://zerodium.com/program.html

Both are better than any desktop operating system.


This isn't the benchmark of how secure those systems are, just a benchmark of how valuable exploiting them is. Hypothetically speaking, iOS could be more secure, but an Android exploit could be valued more if high valued targets tend to use Android. Keep in mind that phone OS usage varies quite a bit by country and wealth.


I was responding to a specific comment about prices.

You're right that the price doesn't fully correlate with security. It will reflect supply (security and interest of researchers) and demand (how much there is to be gained by breaking into each platform).

Android is more widely used, but I gather more money is spent in the App Store than the Play Store. I don't know the market share of "interesting" users.

My analysis would be that the number shows they're not that far apart. I'd be skeptical of anyone (e.g. Apple's press release) saying that either platform is more secure. Security is too nuanced to be expressed as a total order.


Agreed! Thank you for posting that Zerodium link. It's always great to bring substantive data into a security discussion.


100%, thank you. I had spoken to someone at Apple who said Apple was $5M and Android was $2M, but I hadn’t bothered to check. Thanks for posting data!!


> is there any device with a high monthly active user count that has a higher cost to purchase a black market exploit than the iPhone?

This is unfair, because there is a duopoly and the only alternative on the mass market is Android. Of course in such circumstances the exploits will be expensive, even if security is awful.

Ignoring this, Purism takes security more seriously, because they give the user full control over the OS with the possibility to replace/reinstall or harden it. In contrast to that, the rarely updated iMessage is impossible to uninstall on iOS.



