
Google Project Zero security researcher moves to Apple

A researcher who worked for Google's Project Zero is departing the security team and moving over to Apple, to help the iPhone maker improve the security of iOS and its other operating systems.

On Twitter on Saturday, Brandon Azad confirmed he was leaving Project Zero in favor of a position at Apple the following week. He will be joining Apple to "continue my work improving Apple device security."

Project Zero is Google's security research team that concentrates on finding security issues and vulnerabilities in software, both in Google's own products and in those of other major firms. The team works to improve the security of devices and software the general public uses by pointing out the issues to device producers, before performing an ethical disclosure of its findings.

Its findings include a collection of zero-click bugs in Apple's Image I/O framework affecting all of Apple's major platforms, and the discovery of exploits in hacked websites targeting iPhones.

Azad is known for his work on iOS issues, and has been credited in Apple's patch notes for both iOS and macOS releases multiple times. By moving to Apple, Azad may be able to assist in plugging some of the security holes he finds externally before they get discovered by research teams like Project Zero.

In tweets, Azad calls his time at Project Zero "amazing" and says it's "been an honor to share in this wonderful mission." His teammates were among "the kindest and smartest people I've met, and I've learned so much from them," he adds, before thanking them and urging them to "keep on hacking."



14 Comments

chasm 10 Years · 3624 comments

The Google Project Zero team have ironically been excellent at discovering security issues within iOS (et al), so it is great news that one of them will be joining Apple directly. I wish the people in that team were allowed to take charge over the security of Android and the Google Play Store, the major sources of malware and security issues in the mobile world ...

cloudguy 4 Years · 323 comments

chasm said:
The Google Project Zero team have ironically been excellent at discovering security issues within iOS (et al), so it is great news that one of them will be joining Apple directly. I wish the people in that team were allowed to take charge over the security of Android and the Google Play Store, the major sources of malware and security issues in the mobile world ...

Despite what people who don't use Android insist on believing: 

A) virtually no Android exploits actually impact real world end users
B) nearly all Android vulnerabilities are due to bypassing Google Play and sideloading apps - which means that Apple fans who call Android a monopoly and demand that governments need to it up would result in more security issues not less.  Do Apple fans want this in order for the increased security problems to force more customers who otherwise would be happy and satisfied by Android into iOS unwillingly?
C) The open nature of Android makes accomplishing real security impossible. Google learned from this and has since made every other platform i.e. ChromeOS, Wear OS and Android TV very much closed down. You cannot so much as even obtain an image of ChromeOS to create a virtual machine or use with Bootcamp. As a result virtually no security issues - even the type that results in no end user exploits and are easily avoided like in Android - exist on ChromeOS and the others.
D) if your core complaint is Google having Project Zero at all, well there was nothing preventing Apple from investing the massive resources and leadership that it took to create the best private cybersecurity research team in the world in Project Zero. You should bash Apple for not creating their own team instead of bashing Google for having this sort of initiative. Instead Apple is reduced to acqui-hiring someone that Google put in the hard work of identifying and training.

Rayz2016 8 Years · 6957 comments

cloudguy said:
chasm said:
The Google Project Zero team have ironically been excellent at discovering security issues within iOS (et al), so it is great news that one of them will be joining Apple directly. I wish the people in that team were allowed to take charge over the security of Android and the Google Play Store, the major sources of malware and security issues in the mobile world ...
Despite what people who don't use Android insist on believing: 

A) virtually no Android exploits actually impact real world end users
B) nearly all Android vulnerabilities are due to bypassing Google Play and sideloading

Depends what you mean by “virtually no Android exploits …”


Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned.
[…]
Promon identified the StrandHogg vulnerability after it was informed by an Eastern European security company [Wultra] for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts.

Strandhogg seems so popular it cropped up again this year. 


Rayz2016 8 Years · 6957 comments

Glad he’s on board. 

Project Zero does excellent work. 

gatorguy 13 Years · 24627 comments

Rayz2016 said:
cloudguy said:
chasm said:
The Google Project Zero team have ironically been excellent at discovering security issues within iOS (et al), so it is great news that one of them will be joining Apple directly. I wish the people in that team were allowed to take charge over the security of Android and the Google Play Store, the major sources of malware and security issues in the mobile world ...
Despite what people who don't use Android insist on believing: 

A) virtually no Android exploits actually impact real world end users
B) nearly all Android vulnerabilities are due to bypassing Google Play and sideloading
Depends what you mean by “virtually no Android exploits …”


Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned.
[…]
Promon identified the StrandHogg vulnerability after it was informed by an Eastern European security company [Wultra] for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts.

Strandhogg seems so popular it cropped up again this year. 


Only Android version 9 and below could have been exploited, and a security update back in May this year (the same month Strandhogg Vers. 2 was "discovered") immunized all versions. Strandhogg is stranded.
https://www.androidcentral.com/strandhogg-20-steals-data-posing-legitimate-android-apps

The OP claim of "virtually no Android exploits" still looks OK if Strandhogg was all you could find.