Discovering whether your Iphone has been hacked is nearly impossible thanks to Apple's walled garden

This week, we learned that the notorious Israeli cyber-arms-dealer NSO Group had figured out how hijack your Iphone or Android phone by placing a simple Whatsapp call, an attack that would work even if you don't answer the call.

Apple has received a lot of praise for the security of its Ios devices, which are said to be so secure in part because of Apple's walled garden strategy, which prevents Iphone owners from running third-party software unless it comes through Apple's App Store; and which limits who can repair Apple devices, and whether they can use third-party replacement parts. All of this control is said to produce a much more limited attack surface, with fewer bugs, which are corrected more quickly.

However, there are several cyber-arms-dealers that are in the business of selling exploits to hijack control over Apple's products, from Cellebrite to Grayshift to NSO Group. These companies keep the bugs they exploit a secret, making it harder for Apple to repair them.

Meanwhile, security researchers who want to develop tools to perform forensics on Apple products to determine whether they have been compromised with one of these cyber-weapons are out of luck: Apple blocks the forensic apps from the App Store, and kicks the few that sneak in. That means that in order to test an Apple device, the user first has to jailbreak it -- and jailbreaking Apple devices has gotten harder and harder, as Apple defends its own security (against competing App Stores) while weakening its users' security. Read the rest