Our solutions currently safeguard both personal and state-owned mobile devices of heads of state, prime ministers, and cabinet officials from the most sophisticated cyber threats. A compromised device at this level could be catastrophic—posing severe national security risks, weakening negotiation positions in trade and diplomacy, and enabling election interference or attacks on democratic institutions. The threat is too significant to ignore.

Why Network Monitoring Fails

Vendors of network monitoring solutions focus almost exclusively on Windows and Linux threats, leaving iOS/iPadOS devices largely unprotected. Due to the extensive use of TLS certificate pinning by mobile apps, network monitoring has zero visibility into iOS threats. Additionally, many initial exploitation vectors rely on end-to-end encrypted apps, such as messaging platforms, further obscuring potential attacks. As a result, network monitoring is unable to detect iOS compromises.

Why Competing Apps & MDM/MTD Solutions Fail

Competing iOS security apps, Mobile Device Management (MDM), and Mobile Threat Defense (MTD) solutions cannot detect advanced spyware used by nation-state actors. If they could, these attacks wouldn’t regularly make global headlines.

Due to iOS sandboxing restrictions, competing solutions lack access to critical system data needed for effective security analysis. Their role is primarily compliance enforcement—checking if a passcode is enabled, if the device is jailbroken, or if the latest iOS version is installed. A device passing these checks remains fully vulnerable to sophisticated nation-state threat actors.

On Android, security apps can access additional system data if the user grants permission, but vendors often misrepresent their iOS security capabilities, marketing Android features that are unavailable on iOS.

Competing solutions also rely solely on publicly known Indicators of Compromise (IoCs), which may help identify past attacks but provide no defense against evolving, sophisticated threats. Nation-state actors often deploy victim-specific IoCs, making public indicators ineffective—even for detecting previous compromises.

Forensic solutions that require tethering an iOS device to a Windows or macOS laptop to create a full device backup are cumbersome and inconvenient, leading to low adoption and infrequent security checks. 

Our Solution: Private Protection for iOS/iPadOS

You need a solution that can detect the latest spyware implants deployed by the world’s most advanced threat actors—while ensuring that no device data or compromise details leave your government or organization. It must also be scalable, enabling routine analysis of all iOS devices in your fleet, not just those of senior leadership. True security means protecting every user in your organization, not just those at the top.

Numbers Station’s Private Protection for iOS/iPadOS was built for this exact mission. Already deployed by multiple NATO governments, it protects both senior leadership and regular agency/department staff. Our government clients have detected real-world attacks involving implants installed on devices running the latest versions of iOS.

Key Features

• Operates on fully air-gapped networks or isolated laptops with no external network access.

• Customizable sensitivity and alerting, tailored for both non-experts and cybersecurity forensic analysts.

• No reliance on ineffective public IoCs—instead, it analyzes system diagnostic data for anomalies, assigns severity scores, and reports findings. Any public IoCs that are present are identified as well as anomalies.

Use Cases

• Close Protection Teams: A laptop running Private Protection accompanies the security detail of senior officials. In Basic Mode, non-experts receive a simple “Spyware Detected” or “Clean” result. Scans are fast, requiring less than a minute to transfer a sysdiagnose file via AirDrop or cable and performing the scan. Officials see the results firsthand, enhancing confidence in their device security. Does not require an app to be installed on devices.

• Organization Wide Protection: Users upload sysdiagnose files to an internal file share for analysis by Private Protection. Results are forwarded to in-house cybersecurity specialists for review. Does not require an app to be installed on devices.

• Fully Client-Controlled App Based Solution: A custom version of our Am I Secure? for Work app allows the client to generate and control the private key for end-to-end encryption of all sysdiagnose data that leaves the device, ensuring only the client can access the data and analyze it using Private Protection for iOS/iPadOS. For device users, the experience remains seamless and user-friendly, just like our app, but with branding specific to the client organization and private distribution. Can include full app source code and independent build & distribution for full control.

Subscription to the Service Includes

• Private Protection (macOS), including updates, new detections, and support for future iOS/iPadOS versions.

• Expert forensic support (if requested) to assist with interpreting findings or providing additional analysis.

• The industry's only private threat intelligence feed for recent attacks targeting iOS/iPadOS devices.

For further information, please contact gov@numbersstation.app. Demos and live scanning of test samples are possible as well as trial periods for our Am I Secure? for Work app.