The Macalope on the Washington Post’s article about Pegasus & iPhone

The Macalope reacted to the Washington Post’s story Despite the hype, iPhone security no match for NSO spyware, and went after the newspaper’s apparent unfair take on iOS, following Amnesty’s Forensic Methodology Report: How to catch NSO Group’s Pegasus.

Amnesty also explicitly says its results “do no necessarily reflect the relative security of iOS devices compared to Android devices.” The Post seems to have wizzed past that segment in its rush to downtown Gotchaville, population: Apple.

This seems to happen a lot. A researcher will find a problem with iOS and say “You can’t draw broader conclusions from this!” and people will say “OH, YEAH?! WELL, YOU’RE NOT MY DAD!”

The Macalope’s post perfectly summarises the issue I had when I read that Post’s article. My issue had a lot to do with the way they framed the idea that because the iPhone is not 100% secure and Pegasus-proof it means Apple cannot claim the fact that the iPhone is more secure than its competition. I found it a bit weird, and I’m glad for the Macalope’s take on this:

The Post does a bit of a disservice to its readers by implying there’s more of an equivalence in security between iOS and Android for most people than there is.

Exactly.

The essence of the Post’s story is a bit like saying Usain Bolt cannot claim to be the fastest man alive if there is another person that can go faster while riding a motorbike. Being the best doesn’t mean being perfect, and being the most secure phone doesn’t mean being immune to crazy sophisticated spyware like Pegasus. You would think it’s obvious, but that’s not the story the article tells.

Sure, maybe Apple can lower its voice a little when it comes to security. They can still brag about it, and for good reasons. But maybe a little less. And sure, Apple should continue to dedicate tons of money to work on security, and then spend a lot more, and then a lot more again, to do better, as they should, as Google should.