That iPhone Pegasus spyware threat is much ado about Android

Are you a human rights activist? Do you have a relative in jail in a totalitarian country or are you a member of a persecuted ethnic minority or opposition party? Are you a journalist reporting on the oppression of these people? Then the Macalope has some bad news for you, on top of the entire rest of your life which is probably already difficult enough.

No, the second season of Ted Lasso is still coming on Friday. At least we have that. No, it turns out iPhones can be hacked. Uhhh, sorrrrrrrrry?

The Washington Post says “Despite the hype, iPhone security no match for NSO spyware.”

According to a study conducted by Forbidden Stories and Amnesty International and audited by Citizen Lab, bad people continue to get access to iPhones, even newer ones. Evidence of a spyware package called Pegasus produced by an Israeli company was found on the iPhones of a number of human rights advocates and journalists around the world.

At least Palantir had the good taste to name itself after something that was corrupted by the Dark Lord, Sauron, and used to ensnare both Saruman and Denethor. That was perfect naming. Weirdly honest, but perfect. Naming your spyware after the winged horse that Bellerophon rode to defeat the Chimera is just rude.

The Macalope knows Pegasus. The Macalope worked with Pegasus. You are no Pegasus.

The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.

And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person…

Just gonna go ahead and say it: This ain’t good! No, sir. Do not like. Would rather it were not the case!

Controversial opinion? Uh, no, not really.

The Post makes a certain amount of hay with these being iPhones.

Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple’s reputation for superior security when compared with its leading rivals, which run Android operating systems by Google.

It goes on to note that 23 of the 34 iPhones examined were successfully infected by Pegasus.

Only three of the 15 Android phones examined showed evidence of a hacking attempt, but that was probably because Android’s logs are not comprehensive enough to store the information needed for conclusive results, Amnesty’s investigators said.

But it’s a little bit more than that. As it turns out, the fact that iOS stores more information was specifically why the researchers chose to focus on iPhones. If you read Amnesty’s report you’ll see:

In Amnesty International’s experience there are significantly more forensic traces accessible to investigators on Apple iOS devices than on stock Android devices, therefore our methodology is focused on the former.

Amnesty also explicitly says its results “do no necessarily reflect the relative security of iOS devices compared to Android devices.” The Post seems to have wizzed past that segment in its rush to downtown Gotchaville, population: Apple.

This seems to happen a lot. A researcher will find a problem with iOS and say “You can’t draw broader conclusions from this!” and people will say “OH, YEAH?! WELL, YOU’RE NOT MY DAD!”

In fairness, it’s true. The researchers are not those peoples’ dad. Except in one case and that person was sent to their room.

Sadly, if you are a human rights activist, someone from a dissident group or a high-profile member of an opposition party — in other words, someone that someone else is willing to pay a significant amount of money to hack — it is likely that neither iOS nor Android is going to protect you. Bad people, like love and life and morning glory vines, find a way.

You’d think an ungulate wouldn’t mind morning glory vines getting all over everything but they taste like soap.

For the vast majority of people, however, iOS continues to be generally more secure. The Post even admits outside researchers praise Apple for refusing to unlock an iPhone 5c for the FBI five years ago as well as the company’s continued security improvements. And this is before you bring up privacy.

iOS and Android both have things they’re better at. Just as you can’t argue that iOS provides more hardware choice, you can’t argue that Android is more secure for the average user. Apple should always be striving to provide better protection for all its customers. But The Post does a bit of a disservice to its readers by implying there’s more of an equivalence in security between iOS and Android for most people than there is.