In a move that has been hailed as a game changer for spyware accountability research, Apple has been sending notifications to targets and victims of government spyware attacks, alerting them that they may have been hacked and directing them to get help. According to cybersecurity experts, this approach has been instrumental in uncovering cases of spyware attacks in Poland, Thailand, and other countries.

The notifications, which have been sent to users in over 150 countries since 2012, read: "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple Account." The alerts are triggered by a tool designed to detect spyware on iPhones, which flagged anomalies on two devices belonging to campaign staffers of U.S. Vice President Kamala Harris before the elections. Apple declined to forensically analyze the phones, citing its policy of not getting involved in individual investigations.

While some may view Apple's response as abdicating its responsibility to protect its users, cybersecurity experts who work with human rights defenders, journalists, and dissidents agree that the company's approach is the right one. "These notifications have been a game changer for spyware accountability research," said John Scott-Railton, a senior researcher at the Citizen Lab. "When I look back over the past few years, I see so many of the most important cases that we know about – Poland, Thailand, so many others – began with an Apple notification."

Access Now, a nonprofit that runs a digital helpline for people in civil society who suspect they have been targets of government spyware, has been instrumental in supporting victims of spyware attacks. The helpline, staffed by over 30 people, has received 4,337 tickets so far in 2024. "The helpline is able to do good, systematic triage work and support," said Scott-Railton.

Experts agree that Apple should stop short of investigating individual attacks after notifying the victims. "Big tech companies don't want to get into the business of doing forensics on people's devices or accounts," said Runa Sandvik, a security expert who runs her own digital security consultancy. "I think that should remain separate."

However, Eva Galperin, the director of cybersecurity at the nonprofit Electronic Frontier Foundation, believes that Apple could still do more to combat spyware. "[Apple] could write more detailed reports and file more lawsuits. These are the things that take massive amounts of money NGOs don't have and telemetry NGOs don't have," Galperin said.

In its official page about mercenary spyware, Apple says that it continues to work tirelessly to protect users and sympathizes deeply with the small number of users who are victims of such attacks. The company also recommends that users update their iOS software and all their apps, and suggests switching on Lockdown Mode, an opt-in iOS security feature that has stopped spyware attacks in the past.

Experts strongly recommend turning on Lockdown Mode if you think you may be a target, especially if you are a journalist, human rights defender, or dissident. "Lockdown Mode is a game changer in increasing the security of people's devices, especially people who are at risk," said Scott-Railton.

In conclusion, Apple's decision to notify victims of government spyware attacks has been a significant step forward in promoting accountability research and protecting users. While there is still more that the company can do to combat spyware, its approach has set a new standard for the tech industry and has already led to important breakthroughs in uncovering cases of spyware attacks.