The implant is running in the background as root on an iPhone 8 running iOS 12.0. The implant has access to all the database files (on the victims phone) used by popular end-to-end encryption apps like Whatsapp, Telegram and iMessage. It uploads the device’s keychain, which contains a huge number of credentials and certificates used on and by the device. It can also upload the user’s location in real time, up to once per minute, if the device is online.”]
Source: https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html