Many smartphone users, especially those who feel they may be spied upon due to their social standing, are now considering this issue – Pegasus Spyware. How secure is an Android phone compared to Apple’s iPhone?
The issue arises due to the Pegasus spyware, which targeted 50,000 individuals, including hundreds in India. Amnesty International discovered it on numerous iPhones during forensic investigations.
Let’s start with the facts before we compare iPhone versus Android security.
Amnesty International claims Pegasus has been used to target 50,000 phone lines in recent years.
Pegasus is spyware developed by the Israeli NSO Group. The Israeli government considers Pegasus a weapon. Exports to other nations — 45 countries, including India, have utilized Pegasus — must be approved by government authorities on an individual basis.
Amnesty International examined 67 phones to see whether they were infected or attacked by Pegasus. It discovered convincing proof that Pegasus assaulted 37 of them.
34 of the 37 were iPhones. 24 of the 37 phones had Pegasus attacks on them. The 13 other phones revealed signs of assault but no clear confirmation of success.
According to Amnesty International, several of these iPhones were current models including the iPhone 11 and the iPhone 12, and others were running iOS 14.6. Some were hacked as recently as July 2nd.
Amnesty accuses iMessage security flaws of helping NSO Group get into the affected iPhones.
Analysis of Pegasus Spyware
“Our forensic research has shown that NSO’s malware has successfully infected iPhone 11 and iPhone 12 devices through iMessage zero-click assaults. Thousands of iPhones may be hacked “Danna Ingleton, Amnesty Tech Deputy Director
Is this a devastating judgment on the iPhone’s security? It does, especially because Apple has promoted the notion that iPhones are much more secure and safe than Android phones. So are Android phones safer than iPhones? No way.
1- Many individuals, especially those who are under surveillance, think that the iPhone will protect their privacy and data. This is opposite to what Amnesty discovered in its forensic testing.
2- Android phones fail to maintain security records, Amnesty observed. So, even if they were hacked by Pegasus, Amnesty thinks proving it is more difficult than proving it with an iPhone. Amnesty notes: “Like iPhones, Google Android phones were targeted, although their operating systems do not maintain accessible logs helpful for identifying Pegasus malware infestation.”
What about users? Let’s first hear what apple has to say about Amnesty and Pegasus. Apple Security Engineering and Architecture Head Ivan Krstic told India Today Tech: “Apple deplores any assaults against journalists, human rights activists, and those working to improve the world.
These sophisticated attacks cost millions of dollars to create, have a limited shelf life, and target particular people. While this means they are not a danger to the vast majority of our users, we are continuously implementing additional safeguards for their devices and data.”
The key part here is “attacks like the ones described”, and I will come back to it.
Consider iPhone security.
The big concern is that Apple claims iPhone has stronger baseline security than competing phones. Apple is probably correct. Android phones are less safe due to fragmentation and proprietary software from dozens of phone manufacturers. Android has more malware, trojans, spyware, and adware than iPhone. The Android Play Store has more rogue applications than the iOS App Store. A rogue app or adware on an Android phone has more opportunities to gather user data.
However, due to Android’s fragmentation, most Android phones do not get the same level of forensic and security scrutiny as iPhones. That is, even if an Android phone from Brand A is secure, it does not mean that an Android phone from Brand B is also safe.
While Amnesty didn’t mention it, the truth is that Android privacy, data integrity, and security are Wild West. Google has some of the best cybersecurity experts and can easily create the world’s safest mobile operating system or smartphone. But Android phones aren’t all Google. Some of them are from Samsung, Xiaomi and Realme. As a result of the complexity of the hardware and software, it is difficult to audit the security of Android phones.
Is there a safer Android?
The only way an Android phone can be safer than an iPhone is if its software is erased and replaced with a “security-focused” bespoke version of Android. Let’s name this Android S, for safety. The iPhone cannot accomplish this. On the iPhone, you get what Apple chooses to offer you.
But making a phone with Android S is difficult. No public Android S is available. Creating a “secure” version of Android will need enormous amounts of money, expertise, and attention, which only governments or billion-dollar companies can provide.
Instead, presently offered Android phones include MIUI, OneUI, OxygenOS, and others. These are nearly usually as problematic and flaky as an iPhone, if not more.
Or an Android S? Even yet, Android is not as secure as the iPhone. Reason? Aiming attack There is no 100% protection against Pegasus. There are always flaws in software and hardware. There are known and undiscovered bugs. Spyware like Pegasus, the product of millions of dollars of research, will inevitably discover and exploit one or two of these undisclosed vulnerabilities.
In other words, to be completely secure, or rather as safe as possible, one must do what Edward Snowden did in 2013 after exposing the NSA’s monitoring program in the US. Snowden placed his phones in the freezer to evade monitoring.
“At this level, it doesn’t matter… although iOS (is better) since the entrance hurdle to hack someone is greater,” said Robert Baptiste, a French security researcher renowned in India for his Aadhaar vulnerabilities.
This is the same argument Apple used to defend the iPhone and Pegasus. That doesn’t mean Apple can’t do more. People expect more from an iPhone. But it’s also ridiculous to assert the iPhone is less secure than an Android.