Exploit Prices
Zerodium’s Exploit Acquisition Program:
Product / Exploit Type New Price Previous Price Apple iOS 10 (Remote Jailbreak) $1,500,000 $500,000 Android 7.x/6.x (Remote Jailbreak) $200,000 $100,000
An iOS remote jailbreak exploit is worth 7.5 times as much as an Android jailbreak exploit.
We know prices get set by supply and demand, so what drives up the prices for iOS? A greater demand or a lower supply?
I’ve never been interested in remotely exploiting someone’s phone, but I can muster a few guesses as to why someone would: to steal credit card data, distribute ransomeware, or form a botnet, to name a few. Are any of those worth more on iOS than Android? I don’t see how given Android’s greater market share. I expect the demand for Android jailbreak exploits to be greater, and thus drive the price up.
If we’re conservative and say the demand is equal for iOS and Android exploits, then the supply for iOS jailbreak exploits must be lower, implying they are more difficult to produce. I don’t know if any Apple engineers are patting themselves on the back, but this is a major testament to the iOS security team.