alt Hacker News> Then restarting it will remove it. So far Apple has had a perfect record with this unlike Android.
Not things like Pegasus.
It does not minimise attack surface, but minimise ways _you_ can ensure there is nothing on the phone that shouldn't be there.
We're talking about the verification of the boot chain, and last I heard, Pegasus has never subverted that: its strategy is to break back in after every reboot.