Apple and WhatsApp have vowed to keep warning users if their mobile phones are targeted by governments using hacking software against them, including in the US, as two spyware makers seek to make inroads with the Trump administration.
The two technology giants made their statements in response to queries from the Guardian as the two cyberweapons makers – both founded in Israel and now owned by American investors – are aggressively pursuing access to the US market.
Paragon Solutions, which makes a spyware called Graphite, already cemented a deal with the Trump administration in September to give US immigration agents access to one of the world’s most sophisticated hacking tools, after the Department of Homeland lifted a freeze on a $2m contract with ICE (Immigration and Customs Enforcement).
Paragon did not respond to requests for comment.
Another company, NSO Group, which was accused by the Biden administration in 2021 of engaging in business that was “contrary to the national security or foreign policy interests of the US”, announced this weekend that David Friedman, the US ambassador to Israel during Donald Trump’s first term, had agreed to become executive chairman of the holding company that owns NSO. The company was recently taken over by new investors, reportedly including the American movie producer Robert Simonds.
Both Paragon and NSO Group make spyware that can hack into any phone without a user ever knowing. The software can in effect take control of a phone, allowing the spyware user to read a targeted individual’s texts, listen to calls, track their location, and transform any mobile phone into a listening device or remote camera.
The companies have defended their software, saying their products are meant to be used to fight serious crime, and even thwart possible terror attacks, but both companies’ spyware has also been abused by government clients to hack individuals they want to monitor secretly, from journalists to business leaders to human rights activists.
For years, two technology companies – Apple and WhatsApp – have taken a tough stance against the proliferation of spyware around the world and have alerted individuals through notifications when possible hacking attacks are detected, including in cases in Italy, Spain, India and dozens of other countries.
A US court in October sided with WhatsApp when, after six years of litigation, it banned NSO from ever targeting WhatsApp users again.
But both Apple and WhatsApp’s owner, Meta, also have a close relationship with the Trump administration, leading to concerns over whether they would continue to alert individuals in the event such spyware attacks occurred against users in the US.
In a statement, Apple said: “Threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware and geographic location is not a factor in who they are sent to.”
A spokesperson for WhatsApp said: “WhatsApp’s priority is to protect our users by disrupting hacking efforts by mercenary spyware, building new layers of protection and alerting people whose device has come under threat, no matter where they are in the world.”
Christopher Wray, the former FBI director, has testified that the FBI tested NSO’s Pegasus for possible use, but that the bureau ultimately decided against including the commercial spyware in its arsenal. Experts say many legal questions surround whether spyware could ever legally be used domestically in the US given laws that prohibit targeted surveillance of Americans.
An aide to Ron Wyden, a Democratic senator and member of the select committee on intelligence, said current immigration officials provided an initial briefing to his office in which they indicated their “policies are still being written”, but have not responded to follow-up emails since the government shutdown began in October.
Asked whether he would seek to have sanctions that were placed on NSO by the Biden administration in 2021 removed, Friedman said by phone from Israel: “I hope that will be accomplished, but we haven’t made that request yet” and said he had not yet discussed the matter with Trump. The former ambassador added that it was “too soon to know” when NSO would seek to have those sanctions lifted.
“Nobody is protected” when it comes to mercenary spyware, cautioned John Scott-Railton, a senior researcher at the Citizen Lab at the University of Toronto, who is one of the world’s leading experts in tracking and disrupting the use of spyware tools against members of civil society around the world.
“American businesses aren’t ready to start detecting and defending against this kind of threat at home. Nor is anyone else, by the way. Not hospitals, not lawyers and judges, not politicians, and certainly not regular citizens,” he said. “The last thing America needs right now is a silent spyware epidemic.”
Paragon first entered an agreement with ICE in 2024, under the Biden administration. Several people who spoke on the condition of anonymity said the relatively small contract had slipped under the White House’s radar until it was reported by Wired. The contract was then paused in order to determine whether the contract met the requirements of an ambitious executive order that had been signed by the White House in May 2023 and prohibited the operational use of spyware that poses “risks to national security or has been misused by foreign actors to enable human rights abuses around the world”.
At that time, Paragon was not associated with any surveillance scandals, unlike NSO Group, whose Pegasus spyware has been used by governments to target civil society in dozens of cases.
But that changed in January 2025, when WhatsApp said it had discovered that 90 people, including journalists and members of civil society, had been targeted by Paragon’s Graphite.
Paragon subsequently ended its relationship with the Italian government, suggesting Italy had violated terms of service that prohibit the spyware from being used against members of civil society.
Since then, media reports have described how several Italian journalists, at least two Italian business executives, including the chief executive of one of Italy’s largest banks, Italian human rights activists, and an Italian political strategist, were each targeted with the hacking spyware in 2024.
The government of the current prime minister, Giorgia Meloni, has acknowledged the software was used against some activists by an Italian agency with legal authority, but has not claimed responsibility for other high-profile targeting.
“This is the Italian Watergate,” said Matteo Renzi, the former Italian prime minister, in an interview.
“This is a tool only a government can use. If the Italian government continues to deny they have used this against (multiple Italian business executives) and journalists, then the question is, who did?” he said. “I am not the best friend of journalists, but the freedom of the press is a priority in a liberal democracy. For me, it is unacceptable to use this tool against journalists.”
The prospect of Graphite now being in the hands of US immigration officials has some senior figures worried.
“ICE is already shredding due process and ruining lives in its rush to lock up kids and families who pose no threat to anyone,” Wyden said in a statement to the Guardian. “I’m extremely concerned about how ICE will use spyware, facial recognition and other technology to further trample on the rights of Americans and anyone who Donald Trump labels as an enemy.”
A spokesperson for the Department of Homeland Security did not respond to a request for comment.
