[lyu07282]

I think the way it probably works is that if the US gov. wants to root someones phone anywhere in the world they just do it via some API given to them by apple/google directly.

If a foreign country wants to do it to someone on foreign soil (like the saudis to bezos did [1]) they exploit some vulnerability brought on the free market (like the whatsapp/video message exploit chain the saudis used, or exploits like the NSO zero-click iMessage exploit [2]).

If a foreign country wants to spy on its own citizens who protest the government, they could just use the local phone carriers capability to silently ping, update firmware or change system settings remotely, those are intentionally part of the mobile standards (including intentionally weak encryption) so governments can spy on its people.

[1] https://www.wired.com/story/bezos-phone-hack-mbs-saudi-arabi... [2] https://www.wired.com/story/apple-imessage-zero-click-hacks/

[xk_id]

Not to undermine the plausibility of your suggestions, but I like to wonder how answers like this read like to someone with direct experience and knowledge.