Spyware, Nudify Apps, and the Consent Economy

WhatsApp catches NSO Group violating a court order. WWDC protesters demand Apple remove nudify apps. The same logic animates both: non-consensual access to bodies via software.

Based on original reporting by Lorenzo Franceschi-Bicchierai (TechCrunch), Jay Peters (The Verge) and Heidi Blake (The New Yorker)

Two stories dropped on the same day that share a substrate no one is connecting. WhatsApp announced it disrupted a phishing campaign using NSO Group's Pegasus spyware, in direct violation of a court order. And outside Apple Park, protesters demanded Apple remove nudify apps from the App Store, tools that generate non-consensual synthetic nude images. The surface stories are different: one is about state-linked surveillance of dissidents and journalists, the other is about teenage girls being targeted by classmates. But the underlying logic is identical: software built to penetrate the boundary of consent, sold as a product.

The Architecture of Non-Consensual Access

NSO Group builds enterprise surveillance infrastructure for governments. Nudify apps are consumer-grade harassment tools. What makes them the same thing at the level of structure is that both are designed to give one party access to another person's body or communications without that person's agreement, packaged as a feature. The New Yorker's investigation into Andrew Tate's empire of abuse this week adds a third vector: the systematic exploitation of women as a business model, franchised through an ideology that makes non-consent seem like a power move rather than a crime. These are not separate phenomena. They are points on the same spectrum of software-enabled, market-rationalized bodily violation.

Why Apple Is the Wrong Target and the Only Target

The protesters at WWDC are right that Apple's App Store review process is the last meaningful chokepoint for consumer-facing non-consent tools. But the NSO case demonstrates the limits of platform intervention: Pegasus survived court orders and app store bans by operating at the infrastructure layer, not the consumer app layer. A 2026 arXiv paper on SafeGene: Reusable Adapters for Transferable Safety Alignment by Yanghan Wang et al. is actually about LLM fine-tuning safety, but its core insight applies here: safety alignment at one layer is trivially defeated by fine-tuning at a lower layer. The consent economy's vulnerability isn't in the App Store. It's in the stack below it.