Tom Elam wrote:
So if this guy had an Android phone and it was targeted would he have
received a similar warning?
Hi Tom,
Great question!
I love a good discussion about the differences between iOS & Android!
"Some manufacturers (like Samsung with Knox) have strong security
layers, but they don't issue spyware-targeted warnings to
individuals in the same way Apple does because they can't identify
them while Apple always knows every user by name and location."
"On Android, many victims only learn they've been targeted through
outside organizations like Citizen Lab, Amnesty International,
or Google TAG disclosures."
"Google's Threat Analysis Group (TAG) and Project Zero do investigate
and publish reports on spyware campaigns. They sometimes notify
specific Gmail or Google account holders if they've been targeted
by state-sponsored attackers. But this is not as visible nor as
standardized as Apple's device-level warnings."
It's good that you're not posting as a troll this time. Kudos to you.
As always, I will respond to you as you respond to the rest of us.
You bring up a GREAT question of whether Google would have even noticed the exploit on a particular person's phone, especially when Android phones
don't need the privacy-robbing account that all iPhones require to work.
So the ecosystem is completely different in that on Android, the mothership doesn't have any idea who you are, while on iOS, they track you to death.
It turns out, after digging a bit, you're right that on Android, you won't get the kind of active notifications that Apple gives you on the iPhone!
This is interesting indeed. It's one case where iOS is more secure (so to speak, than Android is). Bear in mind, the iOS kernel is known to be
garbage, in that Pegasus is known to have successfully penetrated the iOS kernel so many times, I lost count. Meanwhile, the Android kernel has never been penetrated by Pegasus (at least in terms of published known exploits).
So, in a way, two things are true about the response to your question:
a. Apple notifies people of exploits, while Android likely does not
b. Yet, the iOS kernel is so often penetrated, Apple badly needs to do it!
*About Apple threat notifications*
<https://support.apple.com/en-us/102174>
We've always said the iOS kernel is utter garbage in terms of security.
Keep in mind that attacks on Android phone
have escalated this sharply year:
https://www.malwarebytes.com/blog/news/2025/06/android-threats-rise-sharply-with-mobile-malware-jumping-by-151-since-start-of-year
You love to claim Apple has no malware, and yet they do even as you claim (correctly) that Android has even more malware than iOS has, which is true.
But so what?
Who is dumb enough to install that malware?
Only dumbshits, right?
Every time they publish malware reports, I look to see if I have those products, and I never have them. Maybe because I'm not a dumbshit.
It's the same with Windows, by the way.
And Linux too.
It's just Apple that "claims" they have no malware, which is a lie.
While android malware threats are up 151% year-to-date, the absolute number of victims compared to the billions of Android users worldwide is still infinitesimally small.
What the Malwarebytes report actually says is they observed a rise in
Android malware detections in the first half of 2025 compared to the same period in 2024 where the biggest growth areas were banking trojans, adware, and spyware apps disguised as legitimate utilities.
Between you and me, counting 'adware' is a bit too much, but it is the same count they use for other syste4ms, so I guess it's fine to count it.
Most infections came from sideloaded apps (which is no surprise since every operating system except iOS allows normal loading) or from malicious ads
and phishing links.
But what was likely most telling was the surge was not evenly spread worldwide where certain regions (particularly parts of Asia, Africa, and Eastern Europe) saw much higher infection rates.
Those are NOT typically the uber-wealthy rich hotbeds of iPhone ownership.
They don't have enough money to afford the dumb-terminal ecosystem where
you have to be logged into Cupertino privacy-robbing servers 24/7/365.
In summary, to your two astute points...
a. Apple has better notification because Apple spys on your more, and,
b. Apple has less malware because Apple doesn't allow normal loading.
On 10/26/2025 3:07 PM, Marion wrote:
Tom Elam wrote:
So if this guy had an Android phone and it was targeted would he have
received a similar warning?
Hi Tom,
Great question!
I love a good discussion about the differences between iOS & Android!
"Some manufacturers (like Samsung with Knox) have strong security
layers, but they don't issue spyware-targeted warnings to
individuals in the same way Apple does because they can't identify
them while Apple always knows every user by name and location."
"On Android, many victims only learn they've been targeted through
outside organizations like Citizen Lab, Amnesty International,
or Google TAG disclosures."
"Google's Threat Analysis Group (TAG) and Project Zero do investigate
and publish reports on spyware campaigns. They sometimes notify
specific Gmail or Google account holders if they've been targeted
by state-sponsored attackers. But this is not as visible nor as
standardized as Apple's device-level warnings."
It's good that you're not posting as a troll this time. Kudos to you.
As always, I will respond to you as you respond to the rest of us.
You bring up a GREAT question of whether Google would have even noticed the >> exploit on a particular person's phone, especially when Android phones
don't need the privacy-robbing account that all iPhones require to work.
So the ecosystem is completely different in that on Android, the mothership >> doesn't have any idea who you are, while on iOS, they track you to death.
It turns out, after digging a bit, you're right that on Android, you won't >> get the kind of active notifications that Apple gives you on the iPhone!
This is interesting indeed. It's one case where iOS is more secure (so to
speak, than Android is). Bear in mind, the iOS kernel is known to be
garbage, in that Pegasus is known to have successfully penetrated the iOS
kernel so many times, I lost count. Meanwhile, the Android kernel has never >> been penetrated by Pegasus (at least in terms of published known exploits). >>
So, in a way, two things are true about the response to your question:
a. Apple notifies people of exploits, while Android likely does not
b. Yet, the iOS kernel is so often penetrated, Apple badly needs to do it! >> *About Apple threat notifications*
<https://support.apple.com/en-us/102174>
We've always said the iOS kernel is utter garbage in terms of security.
Keep in mind that attacks on Android phone
have escalated this sharply year:
https://www.malwarebytes.com/blog/news/2025/06/android-threats-rise-sharply-with-mobile-malware-jumping-by-151-since-start-of-year
You love to claim Apple has no malware, and yet they do even as you claim
(correctly) that Android has even more malware than iOS has, which is true. >>
But so what?
Who is dumb enough to install that malware?
Only dumbshits, right?
Every time they publish malware reports, I look to see if I have those
products, and I never have them. Maybe because I'm not a dumbshit.
It's the same with Windows, by the way.
And Linux too.
It's just Apple that "claims" they have no malware, which is a lie.
While android malware threats are up 151% year-to-date, the absolute number >> of victims compared to the billions of Android users worldwide is still
infinitesimally small.
What the Malwarebytes report actually says is they observed a rise in
Android malware detections in the first half of 2025 compared to the same
period in 2024 where the biggest growth areas were banking trojans, adware, >> and spyware apps disguised as legitimate utilities.
Between you and me, counting 'adware' is a bit too much, but it is the same >> count they use for other syste4ms, so I guess it's fine to count it.
Most infections came from sideloaded apps (which is no surprise since every >> operating system except iOS allows normal loading) or from malicious ads
and phishing links.
But what was likely most telling was the surge was not evenly spread
worldwide where certain regions (particularly parts of Asia, Africa, and
Eastern Europe) saw much higher infection rates.
Those are NOT typically the uber-wealthy rich hotbeds of iPhone ownership. >>
They don't have enough money to afford the dumb-terminal ecosystem where
you have to be logged into Cupertino privacy-robbing servers 24/7/365.
In summary, to your two astute points...
a. Apple has better notification because Apple spys on your more, and,
b. Apple has less malware because Apple doesn't allow normal loading.
So having an Apple account requirement has benefits for identifying
phone owners of potentially damaging malware. Not as true on Android
since the OEM cannot identify individual phones that have no account.
As for Android being immune - total BS! Pegasus can and does target
unknown vulnerabilities. The fact that state actors are in play implies
that considerable resources are in play to penetrate both iOS and Android.
Read the whole article, but here is the key point.
"Researchers have discovered seven new Pegasus spyware infections
targeting journalists, government officials, and corporate executives
that started several years ago and span both iPhone and Android devices, demonstrating that the range of the notorious spyware may be even
greater than once thought."
https://www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices--- Synchronet 3.21a-Linux NewsLink 1.2
It's just Apple that "claims" they have no malware, which is a lie.
On Oct 25, 2025 at 11:09:27 PM EDT, "Marion" <mariond@facts.com> wrote:
This iOS expert was told by Apple his phone was exploited, and, instead of >> trying to clean out the exploit, this expert essentially threw the
now-toxic iPhone over the next bridge. As if it couldn't ever be trusted.
*Apple alerts exploit developer that his iPhone was targeted*
<https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/>
"What the hell is going on? I really didn't know what to think of it"
said Gibson, adding that he turned off his phone and put it away on
that day, March 5. "I went immediately to buy a new phone. I called
my dad. It was a mess. It was a huge mess.""
Read the whole story. This guy got what he deserved.
Once again, Arlen posts a story that just makes him look stupid.
So having an Apple account requirement has benefits for identifying
phone owners of potentially damaging malware. Not as true on Android
since the OEM cannot identify individual phones that have no account.
As for Android being immune - total BS! Pegasus can and does target
unknown vulnerabilities. The fact that state actors are in play implies
that considerable resources are in play to penetrate both iOS and Android.
Read the whole article, but here is the key point.
"Researchers have discovered seven new Pegasus spyware infections
targeting journalists, government officials, and corporate executives
that started several years ago and span both iPhone and Android devices, demonstrating that the range of the notorious spyware may be even
greater than once thought."
https://www.darkreading.com/endpoint-security/pegasus-spyware-infections-ios-android-devices
Your statement is the lie here . Apple's most recent claim is:
https://www.techspot.com/news/109467-there-has-never-successful-widespread-malware-attack-against.html
"Apple has often claimed that its apps, services, and hardware devices
offer better privacy than competing products from Google, Microsoft, Samsung, and other tech giants. The company has now gone one step
further and publicly boasted that no successful, widespread malware
attack has ever affected the iPhone.
Apple noted in a recent blog post that the only system-level attacks targeting iOS have been mercenary spyware, which are historically
associated with state actors. These attacks typically use exploit chains executed by sophisticated hacking syndicates with massive financial backing."
To prove you are not lying you need to show a well-documented widespread iPhone malware attack that is relevant to models currently in use.
And, even more, you need to stop your lying.
I await your response.
If there is one thing he is good at it's idiotic claims easily shown to
be lies with easily discovered third party evidence. If this was a court
of law he would spend the rest of his life in jail on sequential perjury sentences.
The point I'm trying to teach the team is that the iOS kernel is garbage.
However, the facts are that the iOS kernel is the same as the MacOS kernel. The Darwin kernel is not garbage. It is Unix. You have no clue what a kernel is. Which makes sense since you have clue about any software in general.
On Oct 27, 2025 at 4:18:01 PM EDT, "Marion" <mariond@facts.com> wrote:
The point I'm trying to teach the team is that the iOS kernel is garbage.
Yes, we know that is your opinion. You can't "teach" people your opinions.
However, the facts are that the iOS kernel is the same as the MacOS kernel. The Darwin kernel is not garbage. It is Unix. You have no clue what a kernel is. Which makes sense since you have clue about any software in general.
No, we are not "the team". That name belongs to you and your trolling sock puppets.
On 2025-10-27 23:19:29 +0000, Tyrone said:
On Oct 27, 2025 at 4:18:01â¯PM EDT, "Marion" <mariond@facts.com> wrote: >>>
The point I'm trying to teach the team is that the iOS kernel is garbage. >>Yes, we know that is your opinion. You can't "teach" people your opinions. >>
However, the facts are that the iOS kernel is the same as the MacOS kernel. >> The Darwin kernel is not garbage. It is Unix. You have no clue what a kernel >> is. Which makes sense since you have no clue about any software in general.
The moronic troll has no clue about *ANYTHING* at all. There's a
similar, if not the same, village idiot in some of the TV newsgroups.
However, the facts are that the iOS kernel is the same as the MacOS kernel. >>> The Darwin kernel is not garbage. It is Unix. You have no clue what a kernelThe moronic troll has no clue about *ANYTHING* at all. There's a
is. Which makes sense since you have no clue about any software in general. >>
similar, if not the same, village idiot in some of the TV newsgroups.
True. But he IS full of opinions (AKA shit), none of which are based in reality. Because Troll.
Of course Pegasus attacks Android. I never said it didn't.
Marion <mariond@facts.com> wrote:
Of course Pegasus attacks Android. I never said it didn't.
You literally did.
"Bear in mind, the iOS kernel is known to be garbage, in that Pegasus is known to have successfully penetrated the iOS kernel so many times, I lost count. Meanwhile, the Android kernel has never been penetrated by Pegasus"
Pegasus/Chrysaor has NEVER successfully attacked the Android kernel with a zero-click exploit to my knowledge, but if you can find one. let us know.
On 10/27/2025 4:18 PM, Marion wrote:
Pegasus/Chrysaor has NEVER successfully attacked the Android kernel with a >> zero-click exploit to my knowledge, but if you can find one. let us know.
There is a very real issue with documenting Android malware attacks.
Many Android devices are not monitored, or poorly monitored, while Apple
can see what is downloaded on its devices. Lack of proof of Android infections is not the same as lack of Android infections.
Apple is better positioned to find and patch than the many Android phone producers. Thus Apple gets the spotlight while Android owners happily continue to use infected phones.
This link explains it well. Included is some evidence that Pegasus and
its offspring have infected Android devices. https://en.wikipedia.org/wiki/Pegasus_(spyware)
There are just too many.
Of course Pegasus attacks Android. I never said it didn't.
You literally did.
"Bear in mind, the iOS kernel is known to be garbage, in that Pegasus is known to have successfully penetrated the iOS kernel so many times, I lost count. Meanwhile, the Android kernel has never been penetrated by Pegasus"
Chris wrote:
Of course Pegasus attacks Android. I never said it didn't.
You literally did.
"Bear in mind, the iOS kernel is known to be garbage, in that Pegasus is
known to have successfully penetrated the iOS kernel so many times, I lost >> count. Meanwhile, the Android kernel has never been penetrated by Pegasus"
On iOS, Pegasus has many confirmed kernel-level zero-day exploitation.
Android Chrysaor has no confirmed kernel exploit. Its power came from surveillance features and persistence tricks, not deep kernel compromise.
The reason is that Android's layered defenses (sandboxing, SELinux,
verified boot, fragmentation) raised the bar high enough that Pegasus never publicly demonstrated a kernel-level breakthrough on Android.
Only the iOS kernel is exploited by Pegasus. Not Android.
iOS Pegasus Attack Chain
------------------------
User (no interaction needed)
>
WebKit exploit (Safari / Messages zero-click)
>
Privilege escalation
>
Kernel exploit (Trident chain)
>
Full root access
>
Persistence + surveillance (calls, SMS, mic, camera, GPS)
Android Chrysaor Attack Chain
-----------------------------
User installs malicious APK (social engineering)
>
App-level permissions abuse
>
Privilege escalation attempts
>
[ Stalls here: no confirmed kernel exploit ]
>
Limited surveillance (SMS, calls, mic, GPS)
>
Self-destruct if detected
Marion <mariond@facts.com> wrote:
Chris wrote:
Of course Pegasus attacks Android. I never said it didn't.
You literally did.
"Bear in mind, the iOS kernel is known to be garbage, in that Pegasus is >>> known to have successfully penetrated the iOS kernel so many times, I lost >>> count. Meanwhile, the Android kernel has never been penetrated by Pegasus" >>
On iOS, Pegasus has many confirmed kernel-level zero-day exploitation.
Android Chrysaor has no confirmed kernel exploit. Its power came from
surveillance features and persistence tricks, not deep kernel compromise.
The reason is that Android's layered defenses (sandboxing, SELinux,
verified boot, fragmentation) raised the bar high enough that Pegasus never >> publicly demonstrated a kernel-level breakthrough on Android.
Only the iOS kernel is exploited by Pegasus. Not Android.
iOS Pegasus Attack Chain
------------------------
User (no interaction needed)
WebKit exploit (Safari / Messages zero-click)
Privilege escalation
Kernel exploit (Trident chain)
Full root access
Persistence + surveillance (calls, SMS, mic, camera, GPS)
Android Chrysaor Attack Chain
-----------------------------
User installs malicious APK (social engineering)
App-level permissions abuse
Privilege escalation attempts
[ Stalls here: no confirmed kernel exploit ]
Limited surveillance (SMS, calls, mic, GPS)
Self-destruct if detected
All the above is simply opinion without a verifiable and authoritative source.
All the above is simply opinion without a verifiable and authoritative source.
Chris wrote:
All the above is simply opinion without a verifiable and authoritative
source.
Chris,
What makes you Apple trolls what you are is absurd statements like that. Let's give up discussing this since what I posted was known verified fact.
What makes you Apple trolls what you are is absurd statements like that.
Let's give up discussing this since what I posted was known verified fact.
Translation: "This is not a verifiable fact and I'm taking out of my arse."
Chris wrote:
What makes you Apple trolls what you are is absurd statements like that. >>> Let's give up discussing this since what I posted was known verified fact. >>Translation: "This is not a verifiable fact and I'm taking out of my arse."
Chris,
I'm going to respond to you as if you can think like an adult, and in doing so, I'm going to be super explicitly clear as if my lawyer was next to me.
It's the only way to respond to you Apple trolls who *hate* all facts.
FACT:
There is no publicly disclosed, independently verified Android kernel zero-click exploit attributed to Pegasus/Chrysaor comparable to the iOS kernel zero-click chains. Published technical analyses of Pegasus for
Android document implants and privilege-escalation techniques but do not publish a confirmed Android-kernel zero-click chain.
For you to brazenly deny that fact is what makes you an Apple troll.
FACT:
Android has many publicly disclosed kernel vulnerabilities and
non-zero-click (staged or user-interaction) exploits, and technical reports on Android Pegasus document staged privilege escalation; however, none of
the primary, independent technical reports publish a verified, fully remote zero-click Android kernel exploit attributable to Pegasus/Chrysaor, while multiple authoritative reports document iOS zero-click kernel chains.
REFERENCES:
iOS zero-click kernel exploits are well documented: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
https://citizenlab.ca/2021/12/forcedentry/
Android zero-click kernel exploits are not known to exist in any public analyses of Pegasus/Chrysaor exploits. https://www.forensicxs.com/wp-content/uploads/2021/05/lookout-pegasus-android-technical-analysis.pdf
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
https://tech4humanitylab.clahs.vt.edu/wp-content/uploads/2025/03/Occasional-Paper-1.pdf
https://www.slideshare.net/slideshow/lookout-pegasusandroidtechnicalanalysis/74542989
https://arxiv.org/pdf/2404.19677.pdf
Tom Elam wrote:
On 10/27/2025 4:18 PM, Marion wrote:
Pegasus/Chrysaor has NEVER successfully attacked the Android kernel with a >>> zero-click exploit to my knowledge, but if you can find one. let us know. >>There is a very real issue with documenting Android malware attacks.
Many Android devices are not monitored, or poorly monitored, while Apple
can see what is downloaded on its devices. Lack of proof of Android
infections is not the same as lack of Android infections.
Hi Tom,
What you claim is so much bullshit that it shows you can't think.
Your lack of understanding is astoundingly vast given all Android phones on the planet are monitored every single day and upon every app installation.
Apple is better positioned to find and patch than the many Android phone
producers. Thus Apple gets the spotlight while Android owners happily
continue to use infected phones.
Did Apple even have a patch process before iOS 16, Tom? No.
That's how primitive the iOS monolithic system is (mired in 1980's design).
Google patches every Android 10 and up over the Internet every month.
Does Apple do that? No.
The iPhone becomes toxic the instant it can't load the latest release.
This link explains it well. Included is some evidence that Pegasus and
its offspring have infected Android devices.
https://en.wikipedia.org/wiki/Pegasus_(spyware)
Pegasus has infected Android but not the kernel, while Pegasus eats the iOS kernel for lunch, which shows the iOS kernel is well known to be garbage.
*Pegasus for Android*
<https://attack.mitre.org/software/S0316/>
To own an iPhone is to own garbage.
No public evidence shows that Pegasus/Chrysaor ever successfully exploited the Android kernel itself. The Android variant of Pegasus relied on
app-level privilege escalation and system partition modification attempts, but unlike the iOS version, there are no confirmed reports of kernel-level zero-days being used in the wild.
Chris wrote:
What makes you Apple trolls what you are is absurd statements like that. >>> Let's give up discussing this since what I posted was known verified fact. >>Translation: "This is not a verifiable fact and I'm taking out of my arse."
Chris,
I'm going to respond to you as if you can think like an adult, and in doing so, I'm going to be super explicitly clear as if my lawyer was next to me.
It's the only way to respond to you Apple trolls who *hate* all facts.
FACT:
There is no publicly disclosed, independently verified Android kernel zero-click exploit attributed to Pegasus/Chrysaor comparable to the iOS kernel zero-click chains.
Published technical analyses of Pegasus for
Android document implants and privilege-escalation techniques but do not publish a confirmed Android-kernel zero-click chain.
For you to brazenly deny that fact is what makes you an Apple troll.
FACT:
Android has many publicly disclosed kernel vulnerabilities and
non-zero-click (staged or user-interaction) exploits, and technical reports on Android Pegasus document staged privilege escalation; however, none of
the primary, independent technical reports publish a verified, fully remote zero-click Android kernel exploit attributable to Pegasus/Chrysaor, while multiple authoritative reports document iOS zero-click kernel chains.
REFERENCES:
iOS zero-click kernel exploits are well documented: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
https://citizenlab.ca/2021/12/forcedentry/
Android zero-click kernel exploits are not known to exist in any public analyses of Pegasus/Chrysaor exploits. https://www.forensicxs.com/wp-content/uploads/2021/05/lookout-pegasus-android-technical-analysis.pdf
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
https://tech4humanitylab.clahs.vt.edu/wp-content/uploads/2025/03/Occasional-Paper-1.pdf
https://www.slideshare.net/slideshow/lookout-pegasusandroidtechnicalanalysis/74542989
https://arxiv.org/pdf/2404.19677.pdf
On 10/28/2025 2:24 PM, Marion wrote:
Tom Elam wrote:
On 10/27/2025 4:18 PM, Marion wrote:
Pegasus/Chrysaor has NEVER successfully attacked the Android kernel with a >>>> zero-click exploit to my knowledge, but if you can find one. let us know. >>>There is a very real issue with documenting Android malware attacks.
Many Android devices are not monitored, or poorly monitored, while Apple >>> can see what is downloaded on its devices. Lack of proof of Android
infections is not the same as lack of Android infections.
Hi Tom,
What you claim is so much bullshit that it shows you can't think.
Your lack of understanding is astoundingly vast given all Android phones on >> the planet are monitored every single day and upon every app installation. >>
Apple is better positioned to find and patch than the many Android phone >>> producers. Thus Apple gets the spotlight while Android owners happily
continue to use infected phones.
Did Apple even have a patch process before iOS 16, Tom? No.
That's how primitive the iOS monolithic system is (mired in 1980's design). >>
Google patches every Android 10 and up over the Internet every month.
Does Apple do that? No.
The iPhone becomes toxic the instant it can't load the latest release.
This link explains it well. Included is some evidence that Pegasus and
its offspring have infected Android devices.
https://en.wikipedia.org/wiki/Pegasus_(spyware)
Pegasus has infected Android but not the kernel, while Pegasus eats the iOS >> kernel for lunch, which shows the iOS kernel is well known to be garbage.
*Pegasus for Android*
<https://attack.mitre.org/software/S0316/>
To own an iPhone is to own garbage.
No public evidence shows that Pegasus/Chrysaor ever successfully exploited >> the Android kernel itself. The Android variant of Pegasus relied on
app-level privilege escalation and system partition modification attempts, >> but unlike the iOS version, there are no confirmed reports of kernel-level >> zero-days being used in the wild.
That is all a pack of lies if there ever was one.
https://expertbeacon.com/how-often-does-android-update-an-in-depth-analysis/
Some quotes:
To get a quantitative sense of how Android updates roll out across the ecosystem, let‘s look at historical data on Android version adoption.
Version Codename Release Date Adoption (Sept 2022)
13 Tiramisu Aug 2022 0.4%
12 Snow Cone Oct 2021 13.5%
11 Red Velvet Sep 2020 27%
10 Quince Tart Sep 2019 22.3%
9 Pie Aug 2018 14.5%
8.1 Oreo Dec 2017 8.2%
8.0 Oreo Aug 2017 4.9%
7.1 Nougat Oct 2016 2%
7.0 Nougat Aug 2016 2.7%
6.0 Marshmallow Oct 2015 4%
5.1 Lollipop Mar 2015 0.3%
5.0 Lollipop Nov 2014 0.2%
As you can see, the adoption of new Android versions happens gradually.
A year after release, Android 12 was only on 13.5% of devices. Even two
years after release, Android 11 was only on about a quarter of devices.
This is in stark contrast to iOS, where the latest version, iOS 16, was installed on 64% of devices within a month of release according to data
from Applealthough some variation exists between regions.
The threat is not theoretical. Malware and hacking tools targeting
known, unpatched Android vulnerabilities are common. For example, the infamous Pegasus spyware, which was used to surveil journalists and activists, exploited Android vulnerabilities that had been patched in
recent versions but remained unpatched on older devices.
Google is well aware of the Android update problem and has launched
several initiatives over the years to improve the situation:
Project Treble: Introduced in Android 8.0 Oreo, Project Treble
re-architected Android to make it easier and faster for manufacturers to update devices. It separates the Android OS framework from
vendor-specific code, allowing for faster porting of updates.
Project Mainline: Launched with Android 10, Mainline allows core Android components to be updated directly through the Google Play Store, without requiring a full system update. This allows for faster patching of
critical components.
Modular System Updates: Android 13 introduced a new photon system that further modularizes Android, allowing even more components (like the GPU driver) to be updated independently of the full OS.
Android One & Android Go: These are special configurations of Android designed for low-end devices. They use a streamlined, stock version of Android that‘s easier to update and support.
Android Enterprise Recommended: This program certifies Android devices
for enterprise use based on criteria including a commitment to timely updates. Devices must provide at least three years of security updates delivered within 90 days of release.
These efforts have seen some success. Google reports that in 2022,
devices running Android 10 and above received 50% more updates than
devices on prior versions. The time to update a device has been reduced
by 30% thanks to Project Treble. However, the fundamental challenges of Android‘s fragmented ecosystem mean there‘s still significant room for improvement.
However, the fundamental challenge of Android‘s open source,
multi-vendor ecosystem remains. Unlike Apple, Google is limited in its ability to directly control update delivery to the myriad Android
devices out there. The onus remains on manufacturers and carriers to prioritize timely updates and on consumers to choose devices wisely.
As Andy Rubin, the co-founder of Android, once said: "Android is like
Windows in the sense that when you buy a Windows PC, you don‘t always
get all the hardware drivers updated and there are a million different machines and configurations. That‘s the kind of situation Android is in."
Lack of evidence isn't proof that something isn't happening.
The only 2 papers analyzing Android-only infections are dated 2017.
Anything more recent?
Tom Elam wrote:
The only 2 papers analyzing Android-only infections are dated 2017.
Anything more recent?
*Can't you ignorant uneducated Apple trolls ever use a search engine?*
That's really the main reason you're an Apple troll, Tom.
I gave Chris plenty of current papers on Android exploits, and yet, all you can do is whine like a little girl that the Apple iOS kernel is garbage.
It's constantly exploited by zero-click Pegasus exploits, for one example.
Why does Apple make it's kernel so insecure is the question you should be asking, instead of trying to pin the blame on Android's much-safer kernel.
You gave up everything to Apple for security.
And yet, there is no security.
Why not?
HINT: Apple lied.
Chris wrote:
Lack of evidence isn't proof that something isn't happening.
Classic *desperate* excuse by Apple trolls who hate the truth about Apple.
It's clear that you Apple trolls *hate* that Apple brazenly lied to you. You're *desperate* to find a way to claim the kernel is NOT insecure crap.
Trust the world, Chris, that if the Android kernel was as insecure as the toxic iOS kernel to zero-click exploits is, the world would talk about it.
Zero-click pegasus/Chrysaor exploits just do not exist on the Android
kernel. They only exist on the garbage insecure iOS crapware kernel, Chris.
The point is not that the iOS kernel is well known to be insecure crap.
The point is Apple locked you up in the iOS prison "for your security".
And yet, you got no security.
Why not?
Apple lied.
As for Android exploits, there are more recent reports on Pegasus targeting Android, but none publicly document a verified zero-click Android kernel exploit attributed to Pegasus. The newer analyses continue to emphasize privilege escalation and delivery mechanisms, but still fall short of confirming a fully remote, zero-click Android kernel chain.
Unlike you Apple trolls who can't seem to find a search engine, I looked
far and wide and while it's trivial to find iOS zero-click kernel exploits
by Pegasus, nobody on the planet has yet reported the same for Android.
MAG212 (Aug 2025)
While it confirms Pegasus's ability to compromise Android devices, it does not document a zero-click Android kernel exploit. It reiterates that iOS infections often use zero-click chains via system parsers like iMessage and ImageIO
ThreatCure (Jan 2025)
Details Pegasus deployments exploiting WhatsApp zero-click vulnerabilities. However, the report focuses on application-level exploits, not kernel-level chains. It does not attribute any Android kernel zero-click exploit to Pegasus
iVerify Report (Dec 2024)
Identifies Pegasus infections bypassing Apple's threat notifications, again emphasizing iOS zero-click chains. Android is mentioned, but no
kernel-level zero-click exploit is documented
HAL Archive (2025) and arXiv (Apr 2024)
These academic papers analyze Pegasus's implications for digital privacy
and security. They discuss Android infections and privilege escalation but
do not publish any verified zero-click Android kernel exploit chains
REFERENCES:
MAG212 (Aug 2025) https://mag212.com/data-breaches/pegasus-under-the-hood-how-zero-click-spyware-lands-operates-and-how-to-fight-back/
ThreatCure (Jan 2025) https://threatcure.net/analytical-report-pegasus-spyware-deployments-targeting-whatsapp-in-january-2025/
iVerify Report (Dec 2024) https://cybersecuritynews.com/pegasus-spyware-used-widely-to-target-individuals/
HAL Archive (2025) and arXiv (Apr 2024) https://hal.science/hal-04614882v1/document
https://arxiv.org/abs/2404.19677
| Sysop: | DaiTengu |
|---|---|
| Location: | Appleton, WI |
| Users: | 1,075 |
| Nodes: | 10 (0 / 10) |
| Uptime: | 90:34:52 |
| Calls: | 13,798 |
| Calls today: | 1 |
| Files: | 186,989 |
| D/L today: |
5,331 files (1,536M bytes) |
| Messages: | 2,438,212 |