A British firm found "no sign of surveillance"
When there were "suspiciously named apps" installed? I can't imagine a supposed mobile forensics company being unable to recognize that and follow up on it. And since when does a root level exploit require "suspiciously named apps"? If your exploit lets you control the OS, why do you need other apps involved at all?
Seems more likely that British firm has some type of relationship with NSO, at the very least as their customer, and didn't want to tip what they knew and hurt NSO's business by making that public in court (if for no other reason than the publicity would cause Apple to quickly fix those holes - as they in fact did - and ruin ongoing NSO's surveillance for all their other customers unless/until they were able to re-hack their phones with a fresh set of exploits)