Cracking into iOS is much more difficult than it sounds, security researchers from the German firm Gamma Group say. A leaker recently revealed a secret report from the company that details the group’s failed attempts at breaking into iOS to turn iPhones against their owners. Gamma Group’s spyware called FinSpy can wiggle its way into almost any Android device, several BlackBerry handsets, and Windows Phones, but it can’t crack into the iPhone unless it’s been jailbroken.
Luckily for iPhone users, FinSpy cannot take over iOS no matter how hard it tries.
Not only is this impressive — especially given the power of FinSpy — it’s also great news for iPhone users. According to the document, which was spotted by the Washington Post, FinSpy is “designed to help Law Enforcement and Intelligence Agencies to remotely monitor mobile phones and tablet devices.”
Once FinSpy is on your device, anyone who wants to take a peek at your messages, phone calls, location data, contacts, and other sensitive data can do so remotely. In essence, it’s the perfect spyware for governments. Reports prove that it’s been used in the United States, United Kingdom, Germany, Russia, Iran, and Bahrain to spy on computers and other devices.
Luckily for iPhone users, FinSpy cannot take over iOS no matter how hard it tries. The only iOS devices FinSpy has successfully infiltrated are jailbroken iPhones that have lost most of Apple’s built-in security features in the process. When users jailbreak their iPhones, using tools like Evasi0n, they gain root access, meaning that they can they make filesystem changes. Apple does not normally allow this, so as to protect the iPhone from various threats. However, once an iPhone is jailbroken, unsigned code, including FinSpy, can run.
Android, on the other hand, is much more open. As such, it’s much easier to break into Android devices and wreck havoc. Apple runs a very tight ship, which it captains itself. The company has also repeatedly declared that it works with no governments and all of its doors are locked to keep users’ data safe.