i worked on solutions to this problem from the beginning and at a higher level there's a basic economic reason mercenary mobile malware will always be with us, and these spyware companies will almost always be a viable investment.
first hand: it's an artifact of "small coalition" governments, typically funded by resource wealth, and therefore without sophisticated public services that can support a spy agency who would develop their own inline national surveillance and intelligence infrastructure. it means they will always have to go to the commercial or grey market (like these vendors) to get this spying capability in malware, and eventually there will be diplomatic consequences to cutting some of them out with vulnerability patches.
there's another game at play where as iphones become more expensive and high risk to exploit, spyware providers switch away to things like vehicle entertainment systems, home and office AV and automation, and other personal tech. the market is small, but long term persistent. on the defender side, we just have to find a way to manage.
first hand: it's an artifact of "small coalition" governments, typically funded by resource wealth, and therefore without sophisticated public services that can support a spy agency who would develop their own inline national surveillance and intelligence infrastructure. it means they will always have to go to the commercial or grey market (like these vendors) to get this spying capability in malware, and eventually there will be diplomatic consequences to cutting some of them out with vulnerability patches.
there's another game at play where as iphones become more expensive and high risk to exploit, spyware providers switch away to things like vehicle entertainment systems, home and office AV and automation, and other personal tech. the market is small, but long term persistent. on the defender side, we just have to find a way to manage.