
Generally Apple introduces features they think people want to use. So enabling anything that takes away networked features will hurt the user experience in practice. So... people won't do that.

I would rather be interested in ways to detect this software phoning home on my home wifi with my firewall - for now. I might change this stance any moment in the future heh.




Why are more people not saying this? At the end of the day malware is only useful if it can send information out. So it's, by nature, totally detectable.


How would you inspect mobile data when not on your own wifi?

How would you inspect it if it was piggybacking off a trusted but compromised endpoint? What if the data exfiltration doesn’t use a networking protocol you can monitor at all, like Bluetooth beacon transmitting?

The answer to almost any “why are people not saying this” is because it’s usually not that simple.


1) Software defined radio. You basically hook up an IMSI backed by an internet connection.

2) That is a good example. Much harder to execute. I would argue in that case that everything is totally compromised. But if the hardware vendors provided a low-level interface where one could read and write firmware etc. directly, one could do simple binary comparison analysis.

The point still stands. Figuring out what malware is doing is hard. Detecting that there is something in your system that wasn't there before shouldn't be hard. If the hardware vendors wanted to provide low-level mechanisms to make the process easier, it's totally in the realm of the possible.

E.g. the main responder to this thread makes it seem like an impossible task even for dedicated security defense groups. But with just two mechanisms, 1) network analysis and 2) low-level ability to read and write firmware/persistent storage, it's totally possible and straightforward.


And you’re suggesting that these are things a normal person can set up themselves and regularly use?


Ransomware, a type of malware, just needs to encrypt your files so you can't access them, no network access required. Totally detectable after the fact, but by that time it's too late.



