Apple has abruptly withdrawn its lawsuit against NSO Group, citing increased risk that the legal battle might unintentionally reveal sensitive vulnerability data to the very adversaries involved in the legal dispute.
Concerning, since technical-only solutions wonât thwart a nation state actor.
Google, on paper at least, has been locking up Android, which is routinely pwned by memory-related exploits, by replacing C/C++ with memory-safe Rust and private compute (ex: mutually untrusted VMs aka pKVM).
That alone wonât ever be enough, but will definitely make it expensive for CSVs (commercial surveillance vendors) like the NSO group to come up with zero-days.
Good evening, I would be grateful if you would pay attention to my message.
Which set of measures do you think might be more productive?
Wouldnât a closed hearing at least partially resolve the issue?
I mean Is there a legal or procedural solution to the issue that Apple has identified as the reason for dropping the lawsuit?
The problem has both technical and legal dimensions and obtaining information from NSO Group is a challenging equation,
but Apple has the resources and determination to overcome this challenge, donât you think so?
Apple canât risk going up against the military-industrial complex, I donât think. In fact, Iâd not be surprised if it itself is found to be a part of it.
Donât presume they need anything of the sort. Donât mean to sound grim or dramatic, but CSVs supply key tech to an immense powerbase (dictators, authoritarian head of states, far-right nationalists, over-reaching billionaires) that when put together rule most of the world.
There is enough tinfoil in here to bake a truck load of potatoes.
Apples reasoning here is straight forward, no need for conspiracies. Also the U.S. government views NSO as an adversary and malicious actor, hence the sanctions.
Google could potentially get into a lawsuit with the NSO or other CSVs and be in less of a bad spot because AOSP is an open system which they build upon for their phones and other services. Unless Google Play Services or some other closed source service in a device is used as an attack vector, Google have less to lose than Apple does.