Really depends on the phone and how the controlling organization (whether it’s a private company or the IDF) uses MDM/MAM. It’s totally possible to poorly manage iPhones, and if you do they’ll be insecure as hell. If you were to restrict everyone to a specific Android phone model with hardened software, then you could theoretically do better than deploying all iPhones. Hell, you could even put GrapheneOS on them, but that would be quite an undertaking, and I’m not aware of any company doing it at scale.
Because of the homogeneity of iPhones and how strictly Apple controls them, it’s generally simpler for organizations to manage them and ensure all of their employees are using updated software on a relatively secure phone. So that (in my opinion) is why we’re seeing a lot of organizations just say “screw it, only iPhones allowed”.