Despite the Hype, iPhone Security No Match For NSO Spyware (washingtonpost.com) 116

International investigation finds 23 Apple devices that were successfully hacked. From a report: The text delivered last month to the iPhone 11 of Claude Mangin, the French wife of a political activist jailed in Morocco, made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn't know delivered malware directly onto her phone -- and past Apple's security systems. Once inside, the spyware, produced by Israel's NSO Group and licensed to one of its government clients, went to work, according to a forensic examination of her device by Amnesty International's Security Lab. It found that between October and June, her phone was hacked multiple times with Pegasus, NSO's signature surveillance tool, during a time when she was in France. The examination was unable to reveal what was collected. But the potential was vast: Pegasus can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials.

The spyware can activate cameras or microphones to capture fresh images and recordings. It can listen to calls and voice mails. It can collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction. And all of this can happen without a user even touching her phone or knowing she has received a mysterious message from an unfamiliar person -- in Mangin's case, a Gmail user going by the name "linakeller2203." These kinds of "zero-click" attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance -- and built marketing campaigns on assertions that it offers better privacy and security than rivals.

[...] Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple's reputation for superior security when compared with its leading rivals, which run Android operating systems by Google. The months-long investigation by The Post and its partners found more evidence to fuel that debate. Amnesty's Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones -- 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection.

  • by Tablizer ( 95088 ) on Monday July 19, 2021 @11:32AM (#61597473) Journal

    such that it's a matter of degree. If you have good security, only big crime organizations and state actors with billion-dollar-budgets can get in. If you have lousy security, then every script kiddie and their dog can get in.

    • Even when you have amazing security, shit happens. See, my job as a Security Manager is infinitely harder than my job as a Blackhat hacker. A red team only has to find a single vulnerability; a blue team must defend against both the known and the unknown. Nothing is completely secure, and as you increase security you increase complexity and cost. People tend to break physical security for convenience.
    • I believe we will see unhackable computers and operating systems appear in the next decade or so.

      Several U.S. universities recently completed an unhackable computer called Morpheus, which continuously alters its op-codes, making hacking unfeasible.
      • by Anonymous Coward

        The idea that unbreakable system pieces such as a so-called unhackable computer will provide for unbreakable systems is naive and fails to account for the scope of the problem.

        A functioning system consists of multiple pieces, communication methods, operating systems, operational software, and of course: people. All of these items have to be as unbreakable as the "unhackable" computer.

        Anything above a trivial level of complexity will have weaknesses and will be only as invulnerable as the weakest link.

        • by Tablizer ( 95088 )

          Indeed. It may be fool-proof at the binary level, but a bad API or OS bug could still give hackers admin access. We could have super-simple OS's and software, but then we'd sacrifice features and/or development time.

          It would be hard to compete if your product is say 5x costlier than the competition. Customers will be dubious of your claim that it's "significantly more secure". They have no direct way to verify. Customers/consumers can only go by what they can verify, and careful security engineering is hard

        • I believe that the above computer would be unhackable; it would also not be capable of running any software

          which continuously alters its op-codes

          The ultimate in trading convenience for security.

          • You only have to stop it from being able to install and run new software; eg, be appy. If it can't app, it doesn't need to be hackable.

            Eventually we'll presumably figure out what tasks we actually want to carry around in our pockets, and then we can just have devices that do those things, and don't update or install anything at all.

            • > Eventually we'll presumably figure out what tasks we actually want to carry around in our pockets, and then we can just have devices that do those things, and don't update or install anything at all.

              How much would you pay per month for that device?

              If you answered anything less than 30 2021 dollars, there is precious little motivation versus things you can pay for apps on.

              If you answered something like, oh I will just buy it once, it does not even update!
              …then you will be waiting a long time

      • So here's the thing - if you can access the bank web site on the device, so can I.

        If they actually scrambled the opcodes (they didn't), indeed it would be harder for me to exploit the device, because I'd have to use the translation table just like I do for polymorphic malware, which actually does apply a random function to the opcodes. (Meaning F is a member of function family R, NOT like Java random()). HOWEVER, that would also make it ~ impossible for YOU to use the device, because you don't know what t

    • by Surak_Prime ( 160061 ) on Monday July 19, 2021 @12:31PM (#61597757)

      You know... at least until the tools the big boys develop get out onto the 'net and into the hands of the script kiddies.

      • Please mod parent up: We currently have the CIA's toolchest of hacking, surveillance, & offensive software out in the wild. CIA & FBI employees moonlight for private security firms so industrial espionage with govt. tools is also an issue. All this weakens agencies' internal security, making international leaks more probable.
        • by GoTeam ( 5042081 )
          Maybe they never realized that creating software "weapons of war" would be a bad idea. When is the last time a 16 year-old took an F-35 or M1A1 Abrams out for a spin? Not the easiest thing to do. Now software... it seems like if you are determined enough, you can get the government made software weapons pretty easily. Both tools can cause chaos, but one is a bit easier to get and replicate.
    • The problem is a lot of people think good security is just a technical thing. While there is a larger and more complex social and policy issue that needs to be addressed.

      No matter how many millions or billions of dollars you put into security, if Mr. Bossman decides to click on that link and installs that software (because he is the Boss, so you cannot say No to his request for elevated access), then boom, your whole organization is down. Despite not being able to get in from the outside.

      • I wonder if anyone has developed a clever "bossman" config which gives them the apparent elevated access with no restrictions (which is mostly web browsing) but in a way where, if they're breached, it doesn't matter much.

  • These kinds of "zero-click" attacks, as they are called within the surveillance industry, can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance -- and built marketing campaigns on assertions that it offers better privacy and security than rivals.

    Bars pretty low on the competition anyway.

  • by NateFromMich ( 6359610 ) on Monday July 19, 2021 @11:33AM (#61597479)
    Just keep that in mind and you should be ok. Just assume all the data on it can be viewed by a government entity whenever they feel the need.
    • by Tablizer ( 95088 )

      Shit, Xi then knows I'm wanking off to his wife. That's okay, he's probably wanking off to mine.

  • It's harder for me to believe that uber-elite hackers have uncovered all these unpatchable zero-day vulns than it is to believe that Apple was just forced to leave the door open for the spies.

    • by raymorris ( 2726007 ) on Monday July 19, 2021 @12:55PM (#61597841) Journal

      It's hard for you to believe that the millions of lines of code in Apple's software have a few mistakes? A couple of things the developers didn't think of?

      If it's truly hard for you to imagine that people make mistakes, or overlook things, I can only assume you haven't met very many humans.

      I TEACH programmers how to make more robust software.
      I've been studying how to make better, more secure software for over 20 years. Still, my code is nowhere near perfect.

      • It's hard to believe that whatever persistent vulnerability these tools exploit has remained unpatched. I don't get the impression that NSO group is using a new exploit every other week as their previous hole gets closed. They wouldn't be able to guarantee the results they do if they didn't know they'll have the same access a week from now. Maybe I'm wrong.

        • They only need to find a new one when Apple stumbles upon the one they're using. Which seems to be about once every 18 months or so.

        • If you look at the iOS update cadence [wikipedia.org], the zero-day exploits are really several-months exploits. Apple likes to push large updates, whereas small security patches would be more desirable. I don't care about the broken-in-a-fresh-new-way iTunes update. Give me the crucial security updates as soon as you have them thoroughly tested.

          • It's already hard to get people to install updates, and people complain ferociously if you install updates without them asking. If you increased the cadence to, say, twice a month, some people would just stop updating their phones. They'd see the red badge and learn to ignore it. You could legitimately make the problem worse by increasing the update frequency.

            I was on the beta track of Telegram for a while, and it would pop up an Update badge several times a week. Sometimes several times a day. I started hu

            • So decouple those updates from the system itself. Turn them into apps. This is how Google has been trying to combat fragmentation in Android, and it's working to some degree.

              Regardless, Microsoft learned that update cadence for critical security risks is a bad thing. They release critical updates as soon as they're available now. Apple needs to catch up
      • by AmiMoJo ( 196126 )

        We had the source of the GOTO Fail vulnerability. It was interesting, the sort of thing that static analysis should have pulled up. That suggests that Apple doesn't do static analysis, or at least not 100% coverage.

        In fact if they had a decent set of compiler warnings enabled it would have flagged up unreachable code.

        If it wasn't deliberate it was a pretty alarming mistake.
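The "goto fail" pattern the comment above refers to can be reproduced in a few lines. What follows is an added illustration written for this page, not Apple's code or the original SecureTransport source: it keeps only the control-flow shape (a chain of checks that each jump to a cleanup label on error, with one `goto fail;` line accidentally duplicated). The `check_a`/`check_b`/`check_c` functions are hypothetical stand-ins for the successive verification steps and are assumptions, as are the specific error codes.

```c
#include <stdio.h>

/*
 * Added illustration (not Apple's code): a toy re-creation of the
 * "goto fail" control-flow shape.  The three check_* functions are
 * hypothetical stand-ins for successive verification steps; each
 * returns 0 on success and a nonzero error code on failure.
 */
static int check_a(int a) { return a == 1 ? 0 : -1; }
static int check_b(int b) { return b == 1 ? 0 : -2; }
static int check_c(int c) { return c == 1 ? 0 : -3; }

/*
 * Vulnerable shape.  The duplicated `goto fail;` is always taken once
 * check_b succeeds, so err is still 0 when control reaches the fail
 * label and the caller is told "success" without check_c ever running.
 * clang -Wunreachable-code reports the following `if` as never executed;
 * that is the compiler warning the comment above says would have caught it.
 */
int verify_vulnerable(int a, int b, int c)
{
    int err;

    if ((err = check_a(a)) != 0)
        goto fail;
    if ((err = check_b(b)) != 0)
        goto fail;
        goto fail;                  /* duplicated line, unconditional */
    if ((err = check_c(c)) != 0)    /* unreachable */
        goto fail;

    return 0;
fail:
    return err;
}

/* Fixed shape: one goto per check, every check reachable. */
int verify_fixed(int a, int b, int c)
{
    int err;

    if ((err = check_a(a)) != 0)
        goto fail;
    if ((err = check_b(b)) != 0)
        goto fail;
    if ((err = check_c(c)) != 0)
        goto fail;

    return 0;
fail:
    return err;
}

/*
 * Hardened style: mandatory braces.  The same accidental duplication now
 * lands inside the conditional block and only runs on the error path, so
 * it is harmless; this is why many C coding standards require braces on
 * every if-body.
 */
int verify_braced(int a, int b, int c)
{
    int err;

    if ((err = check_a(a)) != 0) {
        goto fail;
    }
    if ((err = check_b(b)) != 0) {
        goto fail;
        goto fail;                  /* duplicated, but only on the error path */
    }
    if ((err = check_c(c)) != 0) {
        goto fail;
    }

    return 0;
fail:
    return err;
}

int main(void)
{
    /* Constructed input: the first two checks pass, the third must fail. */
    printf("vulnerable: %d (0 means accepted)\n", verify_vulnerable(1, 1, 0));
    printf("fixed:      %d\n", verify_fixed(1, 1, 0));
    printf("braced:     %d\n", verify_braced(1, 1, 0));
    return 0;
}
```

Compile with `clang -Wunreachable-code` to see the warning on `verify_vulnerable`; gcc accepts the same flag but its implementation has been a no-op for years, so on a gcc-only build the check has to come from a separate static analyzer, which is the coverage gap the comment above is pointing at.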

  • ... and shit like this is why I still own and use a POTS analog landline and rotary dial phone. In the US at least, you need to go through a bunch of procedural paperwork in order to legally tap my line. It's not perfect, but it's a LOT better than the cell-phone world.

    • But what's the point? As soon as you speak to someone, I bet 99.9999% of your calls end up on a cellphone.

      • Actually there is only one person whom I talk to on their cell, the rest is office phones.

        • by larwe ( 858929 ) on Monday July 19, 2021 @12:09PM (#61597669)
          Office phones. So you mean VoIP phones connected to an on-prem Windows or Linux server that's SIP trunked to the PSTN (over the Internet), probably managed over the Internet, and internally within the office, traffic carried by commercial Ethernet switches et al. No possibility of compromise there! Heck, a great many office phones directly connect to a cloud PBX over the Internet. You can't possibly believe you're on a secure connection unless you control AT LEAST both ends of it.
    • Do you have reason to think that you are interesting enough to spy on?
    • OMFG, you're not serious, are you? I can tap your line with $5 in parts and about 15 seconds in time, and never even touch your property. Phreaking was much bigger than hacking. The PSTN was the original playground.
    • by Anonymous Coward on Monday July 19, 2021 @01:28PM (#61597999)

      Having been a POTS guy for several decades I can tell you definitively that faith in the security of your "analog" rotary calls is severely misplaced.

      It is only analog between you and the Central Office at most; after that it is all digital. Most of the communication has been converged onto IP out of the CO. The entire telephone system is ancient and has mostly security by obscurity. Things like caller ID and local number portability depend on assumptions that they are secure rather than actually being engineered from the ground up to be hardened. All of the weaknesses have roots in an ancient system that has had to maintain backwards compatibility while requiring changes to be acceptable to an incredibly diverse user base of telcos and national interests.

      SS7 security is a joke.

    • by tgeek ( 941867 )
      You don't know the old joke about the NSA's phone number? "You don't need it - you just pick up your (POTS) phone and start talking"
    • Legally? When did that start mattering?

  • Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple's reputation for superior security when compared with its leading rivals, which run Android

    No security is 100% effective, especially not when you are talking nation level funding and expertise devoted to finding holes, and the ability to deliver over something like an SMS network.

    But this statement seems to be making the claim that somehow Android is immune to this attack as well? I don't think so.

    • Android could very well be immune to this particular attack, because Android doesn't have iMessage.

      What I'm wondering about, however, is this part:
      "Amnesty's Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones -- 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection."

      So if all iOS devices are vulnerable, how did those

      • by XXongo ( 3986865 )

        Android could very well be immune to this particular attack, because Android doesn't have iMessage. What I'm wondering about, however, is this part: "Amnesty's Security Lab examined 67 smartphones whose numbers were on the Forbidden Stories list and found forensic evidence of Pegasus infections or attempts at infections in 37. Of those, 34 were iPhones -- 23 that showed signs of a successful Pegasus infection and 11 that showed signs of attempted infection."

        And you should wonder about that sentence. It lists the number of smartphones examined but then quotes the number of iPhones hacked. Without knowing what fraction of the phones were iPhones, the sentence tells us nothing useful about the relative hacking of iPhones and Android phones.

        (but... the fact that 11 of the iPhones had attempts at hacking that didn't succeed is also interesting. Presumably there had been a software patch that closed the hole? but some phones had been infected before the patch came

        • The proportion of iPhones hacked almost doesn't matter either. Presumably most people being hacked are fairly wealthy or have something else interesting about them, and we know that iPhone owners tend to be better off. If 100% of people that have something worth hacking own iPhones, then 100% of phones hacked will be iPhones. So you'd also have to know the demography of the targeted group.

      • by srg33 ( 1095679 )

        Just my speculation: maybe the attempt is/was the message and the infection needed to leverage a vector in another fairly-common but not universal app?

      • So if all iOS devices are vulnerable, how did those 11 devices end up not being infected? Something's wrong here.

        Software version differences(maybe it's a new exploit to iOS14), MDM configuration, presence of certain settings or other software packages that may not be universal, certain permissions granted to certain apps, etc etc etc.

    • by srg33 ( 1095679 )

      Come on fanboy.
      You know (grammar) that the article did not (implicitly/explicitly) indicate that Android is/was immune to anything.
      The point is that Apple claims superiority and does not seem to deliver.
      The simple fact is that a text message should not have the ability to do anything; the messaging app. can notify the user of the arrival etc.
      But, remote code execution here is ridiculous: Apple failed.

      • by XXongo ( 3986865 )

        ...The point is that Apple claims superiority and does not seem to deliver.

        More specifically, the point is that Apple claims superiority but does not seem to be perfect.

        Not enough info in the article to tell if they're superior or not. The article does show that they're not perfect.

    • "Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple's reputation for superior security when compared with its leading rivals, which run Android"

      That statement is clearly saying that Apple doesn't have SUPERIOR security. Being superior to something means "better than". How does that suggest saying that Android is immune? The most likely reading is they're equally hackable. The only other alternate reading is Android is better; but better still w
      • "Researchers have documented iPhone infections with Pegasus dozens of times in recent years, challenging Apple's reputation for superior security when compared with its leading rivals, which run Android" That statement is clearly saying that Apple doesn't have SUPERIOR security. Being superior to something means "better than". How does that suggest saying that Android is immune? The most likely reading is they're equally hackable. The only other alternate reading is Android is better; but better still wouldn't imply completely immune. But of course, if you didn't misunderstand things then go off on the meaning you've imagined, I could see it posing quite the challenge for your other beliefs, Kendall.

        I would take your comments seriously if it cited a real world comparison of Pegasus infection rates between iOS and Android. However, since you went for "Apple device security sucks because somebody on the internet who is hidden behind a shitty paywall says so!!!" I'm going to write you off as either an idiot, a troll or both rolled up into one.

        • I was talking about the English language meaning of the quoted comment, not making a determination of whether it's true or false. Reading comprehension people, really. Write yourself off as having the reading comprehension of a toddler. Direct your attacks at the author of them.
    • No, the statement just said what it pretended. You're the one that is reacting as a fanboy.
    • Seriously, just become a carrier and you're golden. All these MVNO companies work on the honour system.
    • Far from, but Apple iPhone is used by almost all the wealthy and important individuals here in the U.S. so it's no surprise that NSO is targeting iOS.

      Android is for the plebs.
      • by tsqr ( 808554 )

        Far from, but Apple iPhone is used by almost all the wealthy and important individuals here in the U.S.

        Well, at least that's what Apple would like to be the case. I don't suppose you have a credible citation to back up that statement, or a rational explanation of where the "plebs" are getting the money to buy $1000+ Samsung phones?

    • by raymorris ( 2726007 ) on Monday July 19, 2021 @01:09PM (#61597899) Journal

      The School of Cybersecurity at Georgia Tech did a study on that. A peer-reviewed study led by people who have PhDs in the field, not random fanbois on Slashdot.

      What the study found is that in the default configuration, not side-loading "hacked" apps from warez sites, both platforms are actually very secure. Far above Windows, for example.

      The proportion of infections was about the same for iOS and Android, both far better than Windows.

      • Please repeat that study with the third option: an Android phone with only apps from F-Droid and no Google account. Asking for a friend.
        • While I don't have a proper study for F-Droid, I can share my viewpoint as a career security professional who is also an open source developer.

          I would be comfortable installing from F Droid if and only if:

          I actually need the app. Any app is a risk, so don't install shit you don't need.

          I've looked at the permissions on the app and they make sense.

          Often, the permissions on PUP give it away because most people don't bother to look at permissions. So the authors of these apps often don't bother with any sophist

          • Thank you for your time and answer. Makes sense, to avoid drawing over, and to check the permissions. On F-Droid, the permissions are very restricted, and typically explained in detail. I've yet to come across a permission request that I found doubtful. But then, I also stick to your other point, only install what you really need. Everything eats up memory and battery. I think the last 3 programs I installed were official government Corona apps...
    • by AmiMoJo ( 196126 )

      Would be interesting to have a list of vulnerable phones. iPhones are very common so are a lucrative target, but I bet a lot less effort goes into cracking say a Google Pixel's security.

    • The simple fact remains that Apple has been head and shoulders above Android for everyday security that protects against most spy/malware.

      This "simple fact" isn't actually true. By every objective measure I know of -- CVE count weighted by severity, hacking competition results, 0day payouts -- Android security is better than iOS. Of course, this assumes that your Android device has received the latest security patches and doesn't contain any manufacturer-installed malware (which is especially problematic among lower-tier devices).

      Interestingly, I think the reason Android security on patched-up devices from good OEMs is better than iOS is because Android OEMs fail so badly at delivering security updates. The Android Security team at Google (of which I'm a member) has had to focus on developing resilient security infrastructure because we know that many devices won't receive updates when vulnerabilities are found. The most important such component is SELinux, and the very restrictive way it's configured on Android devices. The result of that effort is that when an attacker finds a vulnerability that gives code execution in one system component, they usually find that their exploit doesn't actually get them to anything of value. At best it offers them a springboard from which they can try to exploit some other vulnerability, and so on until they maybe eventually reach something of value. Successful modern Android exploit "chains" tend to require sequences of 5-10 separate vulnerabilities. This makes successful exploit chains rare and hard to find.

      iOS, in contrast, has little of the internal firewalling that Android has, and as a result it typically only takes one or two vulnerabilities to completely compromise the OS. The reason that iOS hasn't focused on developing resilient security is simple: Apple can react quickly and effectively to patch vulnerabilities when they're discovered, because Apple controls the updates.

      But when you have an Android device that both has all of that internal compartmentalization and the latest security patches, the result is very good. Look at the history of MobilePwn2Own competitions, for example, and you'll find that the only phone that typically survives unscathed is the Google Pixel, and that the most-broken device is the iPhone. Similarly, look at Zerodium's 0day payouts.

    • Are you seriously saying Android is immune?

      MacOS doesn't have the same vulnerabilities as Windows. I can't exploit a Windows Print Spooler zero day on MacOS. So, yes, it's entirely likely that "pegasus", as a defined software exploit, doesn't affect Android. Android has its own

  • Um, duh? (Score:5, Insightful)

    by argStyopa ( 232550 ) on Monday July 19, 2021 @11:42AM (#61597531) Journal

    If the NSO doesn't have at least a handful of people in critical roles in both Google's Android OS teams and Apple's iphone teams (as well as any other dominant phone developer) I'd be both fucking astonished and frankly a little disappointed.

    To be clear, I mean surreptitiously, NOT with the awareness or agreement of those firms.

    They may well have people officially on their teams to liaise with the government, but intel organizations would be pretty incompetent not to have wormed someone onto those teams (or suborned someone already there) that they're NOT aware of, and very likely it might be one of the more passionate "don't cave in to fucking Uncle Sam, yo!" characters, although frankly that would be a bit obvious.

    • I have to think it would take more than one or two plants at Apple and Google to ensure certain exploits exist or stay unpatched. Occam's Razor tells me these co's are being forced to allow ways in.

      • A back door into their developer network would let them install "flaws" granting the access they want, and also allow scanning the source code for flaws. Or they could show management a National Security letter ordering the back door and not worry about it getting removed. Or they could threaten to ban any phone that doesn't have government back doors.
        • The NSL is what I believe happened. Even one person granting a bad actor access to the developer network would be detected, no?

    • Why not? Organized crime has, and apparently some unfriendly governments.
    • by AmiMoJo ( 196126 )

      There is still some anti-Semitism because of this worry in engineering. Stuff might get back to Israel and be weaponized, the engineers might be malicious or agents of the Israeli government/some Israeli corporation.

      Very similar to the sinophobia experienced by Chinese people in engineering at the moment.

      Of course for some of us the bigger concern is National Security Letters, or NSA/GCHQ not disclosing issues they found.

      • by ebvwfbw ( 864834 )

        Really Ami? Security is not anti-Semitic or anti-anything else. There is no such thing as sinophobia. Let's stop with the made-up word BS and PC.

        Work with someone at the Taiwan embassy downtown and ask them about China. I have. You have to understand China wants them back and wants to kill a lot of them. That's no sinophobia, that's the hard truth reality. There is also the fact they ARE Chinese. China in fact does bad and even horrible things. It's the ideology that's bad, not the people.

        Security is securi

  • Stallman (Score:5, Insightful)

    by Parker Lewis ( 999165 ) on Monday July 19, 2021 @11:55AM (#61597603)
    Let's pretend that Stallman never alerted about those scenarios.
  • Nothing in the article supports the assertion that Android phones are immune to Pegasus attacks. It does make it clear that iPhones are not immune, and possibly even less secure than their Android counterparts, despite Apple's marketing to the contrary.

    Of course, if you are part of Google's Android universe, there may not be any need for Pegasus. The right nation state may only need to ask their liaison at Google for everything they know about you.

    • That should be the takeaway: iPhones are vulnerable to known attacks. Androids may not be vulnerable to the same attacks, but that does not mean they are invulnerable to any attacks.
      • That should be the takeaway: iPhones are vulnerable to known attacks. Androids may not be vulnerable to the same attacks, but that does not mean they are invulnerable to any attacks.

        Certainly not. However, I think there is good evidence that patched-up Android devices from quality manufacturers (yeah, lots of qualification there) are significantly less vulnerable than iPhones. https://apple.slashdot.org/com... [slashdot.org]

    • by AmiMoJo ( 196126 )

      Remember that Apple is the one which operates in China, under Chinese rules which include the law requiring them to assist the government with access to data. Chinese iPhone users' data is stored in China.

  • by TimHunter ( 174406 ) on Monday July 19, 2021 @12:08PM (#61597663)
    From the main story about the NSO software https://www.washingtonpost.com/investigations/interactive/2021/nso-spyware-pegasus-cellphones/?itid=lk_inline_manual_14 [washingtonpost.com]

    Amnesty's Security Lab examined 67 smartphones where attacks were suspected. Of those, 23 were successfully infected and 14 showed signs of attempted penetration.

    For the remaining 30, the tests were inconclusive, in several cases because the phones had been replaced. Fifteen of the phones were Android devices, none of which showed evidence of successful infection. However, unlike iPhones, Androids do not log the kinds of information required for Amnesty's detective work.

  • I hereby advise Apple to switch to a micro-kernel type architecture for its operating system, which is much safer, even if the software running on top of it isn't.
  • It's worth noting that, on iOS phones, iMessage can be switched off, resulting in all text messages using SMS. Personally I prefer this setting because I don't want my text messages received on other devices that share my Apple ID.
    • by nadass ( 3963991 )
      How many actively-used devices do you have (but not use) which share your *free* Apple ID?!

      If you're actually concerned for eavesdropping, then you would activate another Apple ID rather than share your primary account across devices you do not exclusively use...
  • We can't really know anything without some more information. If they don't have it, how can they know the infection was successful?

  • and produce an update that renders this NSO malware/spyware inert and useless to the goons & spooks that use it against iphone users
  • So how does one go about detecting this on an iPhone ?
    • Very simple - and this works across makes / models of cellphones:

      If you're a political activist, a union leader, an elected official, a CEO of a large company, an international spy or some other kind of person of interest, your cellphone is likely compromised by some sumbitch's spyware for nefarious purposes.

      If, on the other hand, you're an ordinary person - like 99.9% of the population - then you're only spied upon by Apple or Google for crass commercial reasons.

  • by dromgodis ( 4533247 ) on Monday July 19, 2021 @02:14PM (#61598213)

    From TFA:

    an iMessage from somebody she didn't know delivered malware directly onto her phone

    and

    she has received a mysterious message from an unfamiliar person -- in Mangin's case, a Gmail user going by the name "linakeller2203."

    I don't think you can send imessages through gmail, so which vector did she get infected through?

    • You can configure iMessage to display a verified email as the senderid.

      An iPad without cellular service for example can send iMessages with user@example.com in the sender field.

      Even an iPhone user can trivially change a setting to do this.

  • I don't listen to Apple's advertising on how good their security is. I only look at how difficult they say their own systems are to break:

    https://developer.apple.com/se... [apple.com]

    Below this is converted to the price of one median Apple engineer (USD 300k/yr, no benefits) working on an exploit.

    iCloud

    Unauthorized access to iCloud account data on Apple Servers / 4 months

    Device attack via physical access

    Lock screen bypass / 4 months

    User data extraction / 10 months

    Device attack via user-installed app

    Unauthorized a

  • The phone hardware, telecom network gear, and servers the phones connect to are compromised. The only way to have secure communications is to not even be near a mobile phone.

  • If NSO can deliver payloads that will silently and effectively hack the phone of any target the purchaser chooses, then it is reasonable to assume that the same company also sells solutions to prevent this. After all, they know the capabilities and weaknesses of the software they write. The company also has a need to prevent their own products being used against themselves.

    And if use of the software can be bought for a certain sum of money, then the countermeasures to render it ineffective will fetch many

    • > If NSO can deliver payloads that will silently and effectively hack the phone of any target the purchaser chooses

      Why not put a hardware read-only switch on the phone. Oh wait, then the spooks won't be able to remotely compromise your “secure” communications.
  • Isn't it illegal to produce a totally secure mobile phone? At least it is in the European Union. Security is secure enough to keep out the casual hacker but not the state security apparatus. Apart from the NSO Spyware, there must be half a dozen ways of back-dooring the equipment. Assurances otherwise from the manufacturers are entirely specious.
  • Let's hope Apple gets a look at this so they can pull the malware apart, figure out how it works, and fix the flaws it's using to get in.

  • by shm ( 235766 ) on Monday July 19, 2021 @08:45PM (#61599327)

    The analysis says that iOS has logs which helped them find the breaches while Android does not have the equivalent.

    Doesn't Android ship logs to a developer if an app crashes?
