[klabb3]

I think they mention every platform for marketing because once the device is rooted, they can extract data from any app. That doesn’t mean the vulnerability was in the app mentioned, nor that it was the fault of an app at all.

At the end of the day, it’s between platforms (specifically iOS and Apple) and these exploit devs/traders, afaiu. That’s why Apple hates them. For better or worse, putting a torch under Apple’s ass is probably a good thing for the rest of us.

OTOH, you could argue that Apple should be more of top of these things and reward the security researchers better. Things are better than 20y ago, but still it’s probably more lucrative to sell exploits to these shady actors than to scrape the floor for peanuts in hope that mega corps will reward their discoveries.

[jmkni]

I guess that once the device is rooted, they can just take screenshots/record the screen without the user knowing, so the specifics of how any particular app works don't matter?

[geraldhh]

true, thou knowing the specifics of the app will allow for a more convenient and complete data extraction

[xvector]

> than to scrape the floor for peanuts in hope that mega corps will reward their discoveries.

Security researchers capable of finding these exploits aren't exactly starving for food. They could easily land a $500k+ job at any big tech company or make a similar amount bug bounty hunting.

[eyegor]

Ah yes, the lambos come out in force at the bsides conferences.

[xvector]

You have to be very financially irresponsible to buy a Lambo on just 500k HHI