> But limiting root access makes work for Pegasus and others harder, which is good.
It's not enough to "make it harder", to actually know whether it's a useful mitigation you would have to compare how much harder it makes it compared to what inconvenience it caused for that. Pegasus has no problem getting root right now. I strongly suspect they have a built up hoard of 0-days to apply in case the current faorite technique is patched (how else could you make a business out of it? If you're running a business you can't allow some other party to control your main product).
So, how much does limiting root access hurt Pegasus? Very little, IMO. A case could be made that it helps them, in the same way that excessive regulation helps large companies, which already have resources and experience dealing with it that smaller companies must overcome to enter the market. Pegasus, and the ability to hack into phones on-demand, may have been largely hidden from the public because it was relegated to a few large players.
And what does everyone get for this? Vendor lock-in, higher prices, less control over your own devices.
It's not enough to "make it harder", to actually know whether it's a useful mitigation you would have to compare how much harder it makes it compared to what inconvenience it caused for that. Pegasus has no problem getting root right now. I strongly suspect they have a built up hoard of 0-days to apply in case the current faorite technique is patched (how else could you make a business out of it? If you're running a business you can't allow some other party to control your main product).
So, how much does limiting root access hurt Pegasus? Very little, IMO. A case could be made that it helps them, in the same way that excessive regulation helps large companies, which already have resources and experience dealing with it that smaller companies must overcome to enter the market. Pegasus, and the ability to hack into phones on-demand, may have been largely hidden from the public because it was relegated to a few large players.
And what does everyone get for this? Vendor lock-in, higher prices, less control over your own devices.