Can my iPhone get a virus? It’s a question that many Macworld UK readers find themselves asking at some point or another. The good news is that iPhones are famous for their strong security; any time Android fanboys have an argument about whether iPhones or Android smartphones are better, the superior security of the iOS platform is one of the strongest arguments.
That’s not to say Android is insecure – it has come on in leaps and bounds over the past few years – but the open-source nature of the platform leaves it more open to hackers and potential viruses.
When iPhone users ask us if their device has been infected by a virus, we generally explain that this is unlikely. There are more plausible explanations for odd behaviour: you may, for example, be seeing a misbehaving advert in one or more apps you use regularly, triggering behaviour that is intended to convince you that iOS is infected and you need to download an app to fix it, or redirecting you to a dodgy web page to steal your personal data.
However, malware of one kind or another does exist for iOS, even though it remains extremely rare.
Technically speaking, a virus is a piece of code that inserts itself into another program, whereas a worm is a standalone program; both seek to propagate themselves, usually by hijacking messaging applications or via social engineering.
The first part of this definition applies to a very small number of malware attacks on the iOS platform; some apps, including a number which are otherwise totally respectable, suffered from the hijacking of the developer tool used to create them back in 2017, and although malware apps should be caught at the app approval stage before appearing on the App Store, those who have jailbroken their devices and installed apps from other sources may inadvertently install something dangerous.
In either case, however, iOS’s sandbox nature should prevent the malware from getting access to other applications in order to spread itself, or to the underlying operating system.
How secure is an iPhone?
It’s difficult to argue that iOS is not a secure platform – it’s more secure than Android, for instance. iOS isn’t impregnable, and it’s very dangerous for iPhone users to assume that it is, but far more malware is written for Android – a Pulse Secure report released back in 2015 put the figure at 97 percent of all mobile malware, while the US Department of Homeland Security estimated back in 2013 that just 0.7 percent of malware threats were aimed at iOS.
In essence, closed platforms like iOS tend to have very little malware written for them. It’s easier to break into Android, and malware writers will almost always go for the low-hanging fruit.
Don’t make the mistake of assuming that the iOS platform and Apple’s App Store are invulnerable to attack. They’re not. But they are more secure than the Android equivalents. Despite its findings, Pulse Secure insisted that Apple’s App Store “remains a tougher nut to crack than the Android ecosystem”.
You quite often hear the logically flaky reasoning that, because Apple’s OS software products aren’t perfectly secure, they’re no better than rival products which also aren’t perfectly secure. It’s easy to explain why this is wrong. iOS (like its desktop counterpart, macOS) is very secure indeed, albeit not completely secure. Android is pretty secure, but quantifiably less secure than iOS.
The iPhone undeniably has a large security advantage over Android, its only realistic rival.
iPhone viruses and other malware
As we said, there are still dangers out there for iPhone users.
In March 2017, WikiLeaks released Vault 7, a collection of documents and files which purportedly reveal methods and strategies employed by the CIA – including a range of vulnerabilities they have used to break into iOS devices. Mind you, Apple insists that most of these have since been patched.
In its 2015 Threat Report, F-Secure Labs reported on several instances of malware penetrating Apple’s ‘walled garden’ App Store. Instead of using social engineering to persuade users to download malware directly, hackers have learned to target the app developers, who then use “compromised tools to unwittingly create apps with secretly malicious behaviour”.
Multiple apps – anywhere from 30 to 300, and many of them from reputable companies – were removed from the App Store in September 2015 because they contained the XcodeGhost malware. Later that year similar situations arose with apps based on UnityGhost, a compromised version of the Unity development framework, and on the Youmi SDK.
That’s not the end of it either. A few years ago, hackers discovered a “zero-day vulnerability” that allowed them to gain access to the root of the iOS system, and this went unnoticed by Apple and the cybersecurity community until 2019. A post by Ian Beer of Google’s Project Zero detailed a malware attack that ran silently on websites with thousands of visitors per week, and the scariest part is that the hack was live for as long as two years before being discovered.
According to Beer, the infected websites “were being used in indiscriminate watering hole attacks against their visitors” using a total of 14 iOS vulnerabilities, although only two were classed as zero-day and thus able to infect the system. The good news is that the vulnerabilities were quickly patched by Apple with the release of iOS 12.1.4 once discovered, but the bad news is that hackers could gain keychain info, photos, messages, emails and a lot of other sensitive information from infected devices prior to the patch.
The only saving grace of the devastating malware attack, which many regard as one of the worst in iOS history, is that the vulnerabilities were removed whenever an infected iPhone was rebooted.
If you’re running an older version of iOS and are concerned, there’s an easy way to check if your iPhone is infected. Plug your iPhone into a Mac, open the Console app, locate your phone in the Devices list and click on it. You’ll see a stream of log messages from the iOS device, and while you can’t search past messages, keep an eye on it for 60 seconds or so. If you see messages containing phrases like “uploadDevice,” “postFile success” and “timer trig”, chances are your phone is infected. Ian Beer has detailed a full list of possible strings in his teardown of the implant.
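The same check can be automated over log text copied out of Console or piped in on stdin. The script below is an added example, not code from Apple or Project Zero; it searches only for the three phrases quoted above, and the syslog-style line layout, the sample lines and the process name `exampled` are constructed assumptions.

```python
import re
import sys
from collections import defaultdict

# Phrases the article lists as signs of the implant in the device log.
INDICATORS = ("uploadDevice", "postFile success", "timer trig")

# Assumed syslog-style layout: "Mon DD HH:MM:SS host process[pid]: message".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s+\S+\s+"
    r"(?P<proc>[^\[\s:]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)

def scan(lines):
    """Return {indicator: [(timestamp, process, message), ...]} for matching lines."""
    hits = defaultdict(list)
    for raw in lines:
        line = raw.rstrip("\n")
        m = LINE_RE.match(line)
        # Lines that do not fit the assumed layout are still searched whole.
        ts, proc, msg = (m["ts"], m["proc"], m["msg"]) if m else ("?", "?", line)
        lowered = msg.lower()
        for phrase in INDICATORS:
            # Case-insensitive, so a differently capitalised copy is not missed.
            if phrase.lower() in lowered:
                hits[phrase].append((ts, proc, msg))
    return dict(hits)

def hits_by_process(hits):
    """Count matching lines per emitting process ('?' = layout not recognised)."""
    counts = defaultdict(int)
    for entries in hits.values():
        for _, proc, _ in entries:
            counts[proc] += 1
    return dict(counts)

# Constructed sample lines, not taken from a real device; "exampled" is hypothetical.
SAMPLE = [
    "Sep  2 10:15:01 iPhone SpringBoard[58]: Application launched",
    "Sep  2 10:15:03 iPhone exampled[412]: timer trig",
    "Sep  2 10:15:04 iPhone exampled[412]: uploadDevice start",
    "Sep  2 10:15:09 iPhone exampled[412]: postFile success: 200",
    "unstructured line mentioning Timer Trig",
]

if __name__ == "__main__":
    found = scan(SAMPLE if sys.stdin.isatty() else sys.stdin)
    for phrase in INDICATORS:
        print(f"{phrase!r}: {len(found.get(phrase, []))} line(s)")
    print("by process:", hits_by_process(found))
```

Grouping hits by process shows whether the phrases come from one unexpected process or from an ordinary app that happens to log similar words.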
How to find out if your iPhone has a virus
iPhones can get viruses, then – even if it’s a relatively rare occurrence. But if you’re wondering if this has happened to your phone, here’s how to find out.
The main questions when trying to work out what has happened to your malfunctioning iPhone or iPad are these:
Have you jailbroken your device? And if so, have you installed an application from a non-official source whose authenticity is questionable? (Installing apps from non-official sources is essentially the entire point of jailbreaking.) If yes, you may have malicious software on your device, and should attempt to locate and uninstall it.
Does the behaviour appear when you use certain apps only? Common behaviour exhibited by apps that have been hijacked includes redirecting you to an unfamiliar web page, and opening the App Store without permission. Try uninstalling the app that’s active when these issues pop up, and see if the problem is solved.
If the problem continues to happen no matter which apps are open, your device is probably misbehaving because of a hardware problem, or because of an iOS change that you’re not used to yet, or because you or another user of the device has changed a setting, perhaps inadvertently. Or you may have a virus. Whichever of these issues it is, we would take the device to an Apple Genius Bar.