as more people use a software it’s not easier to find exploits but much more profitable - and you see that propagate, as in:
More people start to use a software
Inevitably it gets hacked - by a kid most probably
The company starts panicking due to bad press
They start fixing the security bugs
(some years pass)
Now its quite difficult to find exploit as many security bugs have been fixed
Exploit prices skyrocket since it would affect many users and it’s difficult to develop
Bug bounty skyrockets since the exploits are so pricey
Now the last 2 steps tend to cycle since the security of the product fluctuates
Now the above have nothing to do with “residual” products - such as custom roms. And actually, you have so many deeply specialized people around the main product that finding a bug and developing an exploit on the residual is just a matter of “who the fuck cares”.
So you’re basing your security of your phone on “care”, also known as security through obscurity (some times at least).
Another example of “who cares” security is libreoffice. When I started as a security engineer the veteran (and boss) referred to it as training material to find security bugs. I found some, but who cares? Ain’t nobody gonna pay for them as “nobody” uses the software (keep in mind that we’re referring to millions of daily users rather than thousands per month)
Sorry for sheet! ❤️ Be safe and use a password manager