People love to lecture me about how superior their iPhone is to my Android phone. (Or they used to.) Google says iPhone security flaws let websites hack them for years.
Once upon a time, they would tell me how GREAT Apple was at keeping their phone’s battery alive. Then it turned out that Apple was doing that by throttling the processor. (I haven’t heard much about that in recent years.)
Next it was how a closed-source, software-system that had never been subject to an outside audit was just so superior to open source. Then it was revealed that their messaging app, for which they wrote their own cryptography, was leaking data all over the internet, and they were forced to implement the open-source functions found in Signal.
And now we have this.
Google’s Project Zero security researchers revealed that they found several hacked websites that slipped malware onto people’s iPhone for years. If people visited one of the sites, their messages, photos and location data could be compromised. The team reported their findings to Apple earlier this year, and the vulnerability was patched in the same update that fixed the FaceTime eavesdropping bug.
This was a serious breach of security.
This hack gave attackers full control of the victims’ iPhone, allowing hackers to install malicious apps, get real-time location data, as well as stealing photos and messages, even if they are encrypted. Because of the malware’s deep level of access, it could get contents of messages before they were even encrypted, Google explained. The implant could access the device’s keychain, which includes passwords and database files used by end-to-end encrypted messaging apps like WhatsApp, Telegram and iMessage.
So is Android better? Probably not in practice, which is why the only apps I use on my phone revolve around listening to music. And I doubt this will stop the Fanbois from telling me how completely secure the iPhone is.