Disclaimer: I have never worked with the team on the Apple side.
My impression is that Apple's threat intelligence effort is similar in quality to Google's. Of course external parties also help but Apple also independently finds chains sometimes.
> My impression is that Apple's threat intelligence effort is similar in quality to Google's.
We have a lot of direct experience with Google not having much of a clue about how their own devices are being exploited in the wild. The overall approach does not provide as much insight as it's marketed as doing.
Ok, come on, be reasonable. You finding a Cellebrite price list does not mean you know more about how Pixels are targeted than Google because their marketing team put something out saying they’re super hard to hack. I have worked directly with Google’s threat research teams and they are well aware of their limitations while also having better insight than you’re giving them credit for.
It's often external parties finding exploits being used in the wild and reporting it to Apple and Google. Citizen Lab, Amnesty International, etc.
We regularly receive info from people working at or previously working at companies developing exploits and especially from people at organization using those exploits. A lot of our perspective on it is based on having documentation on capabilities, technical documents, etc. from this over a long period of time. Sometimes we even get access to outdated exploit code. It's major releases bringing lots of code churn, replaced components and new mitigations which seem to regularly break exploits rather than security patches. A lot of the vulnerabilities keep working for years and then suddenly the component they exploited was rewritten so it doesn't work anymore. There's not as much pressure on them to develop new exploits regularly as people seem to think.