Facebook tried to buy NSO Group's iOS spyware to monitor iPhone users [u]
NSO Group, the team behind the 2019 WhatsApp spyware attack, says Facebook proposed buying "Pegasus" software to better keep tabs on iOS users' activity.
The notoriously controversial NSO Group has released court documents that show Facebook had attempted to purchase a powerful piece of spyware known as Pegasus. With Pegasus, after a user clicked a seemingly innocuous link received through a message, the target device would be jailbroken, and malware would be loaded to monitor and steal data. The data is then exported, giving the spyware's users (or Facebook, in this case) access to sensitive user data.
Data harvested includes all messages and photos, login information, plus data concerning the entire history of the phone's location.
Allegedly, NSO only sells its products to a "sovereign government or government agency." But, according to a declaration from NSO CEO Shalev Hulio, two Facebook representatives approached NSO in October 2017 and asked to purchase the right to use specific capabilities of Pegasus, reports Vice.
Facebook was interested in buying Pegasus because it was concerned that its own data-gathering software seemed less effective on Apple devices. The Facebook software that was going to get the functionality, Onavo Protect, was billed as a piece of VPN software. Onavo was used primarily to gather information about what other apps Facebook users were using on their mobile devices.
"The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices," the court filing reads. "The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users."
Facebook had allegedly proposed to pay NSO a monthly fee for each Onavo Protect user. However, NSO maintains that they refused the sale on the grounds that Facebook is a private entity.
Onavo Protect was eventually forced off the App Store in 2019 when Apple found the app in violation of newly implemented privacy policies. Specifically, the software ran afoul of data collection restrictions and parts of the iPhone maker's developer agreement covering customer data usage.
"NSO is trying to distract from the facts Facebook and WhatsApp filed in court nearly six months ago. Their attempt to avoid responsibility includes inaccurate representations about both their spyware and a discussion with people who work at Facebook," a Facebook spokesperson told AppleInsider. "Our lawsuit describes how NSO is responsible for attacking over 100 human rights activists and journalists around the world. NSO CEO Shalev Hulio has admitted his company can attack devices without a user knowing and he can see who has been targeted with Pegasus. We look forward to proving our case against NSO in court and seeking accountability for their actions."
Apple said Onavo Protect used data for purposes not directly related to app functionality or for serving up advertising to users.
Facebook is currently suing NSO for exploiting a VoIP-related vulnerability in WhatsApp that allowed Pegasus to install spyware on both iOS and Android handsets remotely.
In July, NSO made the news circuit for telling its government customers that its Pegasus malware could extract far more data about any given individual. As well as data on the person's smartphone, the claim is that the group can covertly retrieve all of the information that a person has stored on servers owned by Apple, Google, Microsoft, Facebook, and Amazon.
Updated April 4 8:10 A.M. Eastern time with a statement from Facebook