I want to share this post because I was disappointed to see this popular smartphone cracking tool works very well across Android versions and devices while iPhone enjoys relative security.

The graphic also shows premium devices specifically are vulnerable to their tools, so one cannot argue that the problem is funding or cheap devices getting owned because of dumb changes by the vendor – premium devices fare not much better. Even Google controlling the hardware and the software of their Pixel line remains vulnerable to data extraction while the latest iPhone versions aren’t.

To me, this sounds like the state of Android physical security might be inferior. Why? What can be done to fix this? Perhaps is it because Android is more popular globally so they get more work targeting Android?

It could also be coincidental that at the time the documents leaked, the iPhone stuff was being finished up and there is actually not that much difference if you have an attacker who has lots of time and money.

EDIT: Removed wrong information. EDIT: Added more material for discussion.

  • Hnery
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    1
    ·
    5 months ago

    Android, afaik, is less secure by default to begin with. More freedom, more options to customize, more attack surface. Also, just because Cellebrite can’t pwn iOS 17.4 yet, doesn’t mean it can’t do it a month ahead from now.

    Another very important factor I can see is Apple’s walled garden, where they could literally remote control your device. Through the new rapid security response (or whatever they called it in marketing wank) they can push updates to all active iOS devices more or less overnight - at least if the vulnerability is known to them and they have a patch. Compare that with Android where some devices don’t receive any updates after the initial release.

      • Sethayy@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        8
        ·
        5 months ago

        No way graphene isn’t leagues stronger than iPhone no?

        They’ve even submitted their hardened malloc to upstream Linux, which is definitely more secure

    • seang96@spgrn.com
      link
      fedilink
      English
      arrow-up
      3
      ·
      5 months ago

      To be fair Android does that now too with mainline and every OS upgrade they make more modules that get updated from the play store rather than OS updates.