During the early days, this led to a lot of problems as it meant that malware could be easily hidden in these apps. Also, screening systems back then weren’t quite as sophisticated, thus allowing apps with malware to make it past Google’s checks. However, these days it’s starting to look very different where according to a report from WIRED, zero-day exploits for Android are being priced higher compared to iOS.
This is actually a good thing, at least for Android users, where it basically means that there are fewer zero-day exploits for Android, or at least Google has made it harder for hackers to find, thus increasing the price of those available. The same cannot be said for iOS, where it seems that there are more being sold in these underground markets, thus lowering its prices.
According to Zerodium’s founder Chaouki Bekrar who wrote in a message to WIRED, “During the last few months, we have observed an increase in the number of iOS exploits, mostly Safari and iMessage chains, being developed and sold by researchers from all around the world. The zero-day market is so flooded by iOS exploits that we’ve recently started refusing some them.”
He adds, “Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung, so it became very hard and time consuming to develop full chains of exploits for Android and it’s even harder to develop zero-click exploits not requiring any user interaction.”