There's a bit of a journey from "protecting you against government hackers and spooks" to full-on sovereign states; and there's a lot of things that a country's government funds that Apple couldn't even begin to take on[0]. Physical security and military operations are a hell of a different field from that of locking down computers.
Furthermore this isn't the first of its kind; Google has been alerting high-risk Gmail users about state-sponsored hacking for about a decade now. Microsoft probably does something similar. Apple is comparatively late to the party on this. On the offensive side you have the zero-day vendors that broker exploits between hackers and the government.
A better explanation is that Apple isn't supplanting the US government. It's supplanting Halliburton. As more and more people and things go online, hacking and doxxing them is becoming more militarily valuable than just arresting someone or firing a missile. After all, physical attacks risk counterattacks and escalation, but Internet attacks are relatively cheap, not really treated as an attack by many sovereign states, and, most importantly, difficult to attribute.
[0] Call me when Apple black-bags Louis Rossmann for illegally repairing MacBooks, or threatens literal nuclear war - like, with uranium bombs and radioactive fallout - on the EU for breaking the App Store business model.
Furthermore this isn't the first of its kind; Google has been alerting high-risk Gmail users about state-sponsored hacking for about a decade now. Microsoft probably does something similar.
It’s great that Google alerted Gmail users, but then what?
“We believe you may be a target of a state-sponsored attacker; have a nice day.”
Beyond just telling you, Apple is providing some tools to do something about it.
Google advanced protection mode has been available for a while.
The threat models are different because the companies provide different services (spear phishing defenses from the web services company, hardware defences from the hardware provider), but still.
I'm not saying it never happens, and I don't want to assume anything about your background, but I think most people who work in software would agree there's no need. Plenty of problems get in on their own.
Yep, if that were your goal, it would be way more cost-effective to get a zero-day from just not trying that hard with security practices. Not having any security knowledge on the team. Not patching/upgrading dependencies with security bugs.
It doesn't make sense from a numbers perspective; there's simply not that much potential for profit there. In general, the sale price of a zero-day or ten in some popular product is tiny compared to, for example, the marketing budget of that product.
That money is significant from the perspective of a particular employee (i.e. if they personally would get the money) or for a specialized consulting company, but it's a drop in the ocean for the large companies actually making the products. So we should expect some backdoors intentionally placed by rogue employees (either for financial motivation or at the behest of some government) but not knowingly placed by the organizations - unless in cooperation with their host government, not for financial reasons.