All posts

Ethical Principles for Mobile Threat Hunting

Dec 5, 2023



Mobile threat hunting requires collecting large volumes of data from many devices to find unknown malware and indicators of compromise. At the same time, there is an inherent sensitivity to how this should be done while respecting individual privacy. We share this sensitivity; we believe that modern mobile devices are effectively an extension of ourselves and hold some of our most intimate and personal information. 

‍That is why it’s important that we share with our customers, partners, and the broader security ecosystem how we harmonize security and privacy while still conducting deep forensic investigations. Our approach is more than a philosophy; it drives the explicit methods we use to search for dangerous threats like mercenary spyware.  

Our guiding principles 

‍It’s not enough to say we believe in something. Our product design and our company values must support those beliefs in practice. That’s why the guiding ethical principles below are reinforced with practical application. The entire team at iVerify is committed to the principles outlined here:

  • We are transparent about the data we do (and do not) access from mobile devices. Anyone using iVerify’s threat hunting tools must provide their consent to enable us to access telemetry data from their device. Device users are in control of whether data is collected from their device. Our tools cannot secretly collect or analyze device data without participation from the device owner.

  • We minimize the data we collect and access only what is necessary to protect individuals from advanced threats. iVerify tools collect and analyze device telemetry data.  

  • We are a defensive-only solution. We don’t play both sides. We are on one side: protecting people from attacks. That means we do not collect, develop, sell, or otherwise distribute vulnerabilities or exploits. Ever.

  • We secure and protect the data we collect using industry best practices.  We only store what we need, and we regularly red team our systems and conduct security assessments to ensure data is protected.

  • We participate in, and support, the broader security research community.  The battle against dangerous intrusions into our mobile lives is ongoing and demands a cooperative approach. That’s why we often engage with academic and non-profit organizations that share our mission on a variety of initiatives. 

Ethics forged by experience

The principles we share here didn’t come out of thin air. They are borne out of experience and a personal commitment to doing the right thing. As founders, we each have worked across private, nonprofit, and academic sectors where ethical considerations were paramount to us personally. 

‍This experience includes building ethical frameworks in big tech and leading nonprofits focused on protecting human rights worldwide. That’s why we can promise that we will always make decisions based on what will protect people, rather than what people are willing to buy. We think it’s an important difference, and one that makes iVerify worthy of the trust of our customers and the community at large. If you’d like to learn more about how our approach and our products can protect you and your organization, please reach out.

iVerify Cofounders:

Danny Rogers, CEO

Rocky Cole, COO

Matthias Frielingsdorf, VP of Research