Apple's iPhone more hack-proof than Android, Gamma Group reports in leaked document

Leaked documents from surveillance giant Gamma disclose that the Apple product's security is far superior to that of Android

PUBLISHED : Tuesday, 12 August, 2014, 10:05pm
UPDATED : Wednesday, 13 August, 2014, 9:08am

The secrets of one of the world's most prominent surveillance companies, Gamma Group, spilled on to the internet last week, thanks to an anonymous leaker who appears to have gained access to sensitive corporate documents.

And while they provide details of the capabilities of Gamma's many spy tools, perhaps the most surprising revelation is about something the company is unable to do. It can't hack into the typical iPhone.

Android phones, some Blackberries and phones running older Microsoft operating systems all are vulnerable to Gamma's spyware, called FinSpy, which can turn a smartphone into a potent surveillance device.

Users of the spyware are capable of listening to calls on targeted devices, stealing contacts, activating the microphone, tracking user location and more. But for FinSpy to hack into an iPhone, the phone's owner must have already stripped away much of its built-in security through a process called "jailbreaking".

This is good news for people with iPhones, and perhaps for Apple as well. But at a time of rising concern about government surveillance powers, it is ironic that Google's Android operating system has emerged as the global standard, with a dominant share of the world market.

Android phones have more features, and come in more shapes, sizes and colours. And they are cheaper.

But, it is increasingly clear, they are more vulnerable to the Gammas of the world, which develop and sell surveillance systems to police and government intelligence services.

The result is what might be called a growing "surveillance gap".

Those willing to pay a premium for an iPhone or iPad, perhaps for their design elegance or ease of use, are also getting disk encryption by default, an instant messaging system that resists eavesdropping and an operating system that even powerful surveillance companies have trouble cracking.

"Technology can protect you from your own government. It can protect you from somebody else's government. If you live in an authoritarian country, the disk encryption feature built into the [operating system] may be the thing keeping you safe," Christopher Soghoian, the principal technologist for the American Civil Liberties Union, said in a speech last month.

"It may be the thing keeping you from being beaten by the secret police. So it's vital that these features reach average users."

The Gamma Group, with headquarters in Germany and Britain, did not respond to an email requesting comment and has remained silent generally in the week since the leaked files began to emerge.

The files include price lists for various surveillance products (FinSpy can cost governments nearly US$4 million), as well as detailed descriptions of other spy tools and a 126-page user manual for FinSpy.

Researchers and journalists combing through some of the leaked documents have also found evidence that FinSpy had been used against lawyers and activists in Bahrain. ProPublica reported it has been deployed on computers in the United States, Britain, Russia and many other countries as well.

Yet the user manual and other documents make clear that even powerful, expensive spyware such as FinSpy have their limits.

That is why the choice of smartphones matters. Android phones are, by design, open-source systems that give programmers a wide range of powers in making apps work how they want them to.

Apple, by contrast, controls the development of the hardware and operating system, and it manages what's available in the App Store more aggressively than Google does for its Play store.

"Android is infinitely more exploitable than" Apple's operating system, said Bart Stidham, a telecommunications system architect based in Virginia. "Apple is the most vertically integrated technology company in the world. That means they have the ability to control every aspect of their devices, including the security ... There are just huge swathes of Android that are outside the control of Google."