> Put a different way, is there any device with a high monthly active user count that has a higher cost to purchase a black market exploit than the iPhone?
I'm going to answer about operating system rather than device.
The selling price of an Android full chain with persistence zero click is up to $2.5 million. The selling price of an iOS full chain with persistence zero click is up to $2 million.
This isn't the benchmark of how secure those systems are, just a benchmark of how valuable exploiting them is. Hypothetically speaking, iOS could be more secure, but an Android exploit could be valued more if high valued targets tend to use Android. Keep in mind that phone OS usage varies quite a bit by country and wealth.
I was responding to a specific comment about prices.
You're right that the price doesn't fully correlate with security. It will reflect supply (security and interest of researchers) and demand (how much there is to be gained by breaking into each platform).
Android is more widely used, but I gather more money is spent in the app store than the play store. I don't know the market share of "interesting" users.
My analysis would be that the number shows they're not that far apart. I'd be skeptical of anyone (IE apple's press release) saying that either platform is more secure. Security is too nuanced to be expressed as a total order.
100%, thank you. I had spoken to someone at Apple who said Apple was $5M and Android was $2M, but I hadn’t bothered to check. Thanks for posting data!!
I'm going to answer about operating system rather than device.
The selling price of an Android full chain with persistence zero click is up to $2.5 million. The selling price of an iOS full chain with persistence zero click is up to $2 million.
https://zerodium.com/program.html
Both are better than any desktop operating system.