If you read the tech headlines every day, then you’d be forgiven for thinking that we’re in the middle of a security meltdown with software viruses and malware running rampant, and there’s certainly some truth to that. These threats afflict all of our internet connected devices from smart speakers to laptops to phones.
While there’s a strong perception that Android is insecure, you don’t hear so much about iOS. Many people believe that Apple’s iPhones are immune to viruses or malware, others worry about the possibility, but what’s the truth of the matter? Can iPhones get viruses?
“In theory, yes,” Maik Morgenstern, chief technology officer for AV-Test, told Digital Trends. “However, the practical hurdles are quite high, and it is unlikely for a normal user to get affected. But vulnerabilities exist that can be exploited by attackers.”
People tend to use the word virus to describe all undesirable and uninvited software, but technically the term refers to software that infects a host, inserting itself into an existing program, and then spreads that infection by self-replicating. Viruses are only a small percentage of malware (malicious software) – the real catch-all term – and they’re especially rare on smartphones. If you get a mysterious advert pop-up or an app logs your data and sends it off to a remote server, you may interpret it as a virus, though it’s probably another kind of malware. We’re going with that wider definition here.
Apple has been criticized for its walled garden approach, because it doesn’t allow for as much choice and customization as some of the alternatives, but there are some benefits to being more restrictive.
“Since iOS is a closed ecosystem, users can only install apps from the App Store which is thoroughly checked by Apple,” Morgenstern said. “It is unlikely that malware writers will get malware in the store.”
That doesn’t mean it’s impossible, of course, and there have been incidents where legitimate apps in the iOS App Store were infected with malware. In one case cybercriminals were able to trick Chinese app developers into using a counterfeit version of an Apple development tool.
“Another infection vector may be vulnerabilities in iOS which may allow attackers to infect your device,” Morgenstern said.
“It is unlikely that malware writers will get malware in the store.”
Back in 2017, WikiLeaks published details of the CIA’s hacking tools. The report included some methods that the CIA had used to break into iPhones by exploiting vulnerabilities in iOS. Apple was swift to release a statement saying that most of the vulnerabilities had already been patched and the rest soon would be, but it’s perfectly plausible that someone out there is aware of and currently exploiting a vulnerability in the system and there will certainly be people working on finding more. Just as the people at Apple work tirelessly to block them and patch vulnerabilities.
One of the reasons that iOS is relatively safe compared to Android is that cybercriminals and other attackers will go for the path of least resistance or the low hanging fruit first. Many of the vulnerabilities that are uncovered in Android are slow to be patched on every device. Google may act swiftly, but updates only make it onto some phones when the manufacturer and carrier get it together. Apple doesn’t have this issue, so patches can be pushed out widely far more rapidly. There are also many more Android users, so it’s a bigger target.
Successful phishing attacks, where people are conned into volunteering sensitive details are common on iOS and Android, because they don’t necessarily require people to install anything first. A victim might be presented with what appears to be a legitimate login screen, but has in fact been created by criminals, and when they enter their login details, they are effectively handing them over.
We’ve also seen a rise in smishing, which is really just phishing via mobile text messages. People may receive what appears to be a regular text message from a big company with a link in it and if they tap on that link they’re redirected to a fake website or trigger a malware download of some kind. These kinds of messages take all sorts of guises from tax refunds to security warnings that you need to update your banking details.
Being conned out of details should be easy to avoid. Never log into anything through links in emails, text messages, or social media messages. Type the address into your browser, or log in through the app.
Malware is a bit like a vampire – it has to be invited onto your iPhone. By default, you can’t install apps from outside of the App Store. If you get an unexpected popup trying to install something always back out of it, don’t invite it in. But there’s still a risk of annoying things like web page redirects that plague you with popups. If you encounter those go to Settings > Safari > Clear History and Website Data and then tap again to confirm and you should be good.
The simple answer to this is that you often won’t have any idea if there’s malware installed on your device. False positives are far more common than actual issues. People will often interpret a poorly coded app, a stray setting, or an aging battery as signs of malware.
“Don’t jailbreak the device and always install updates as soon as they become available.”
If you notice suspicious behavior on your iPhone, then you’ll certainly want to investigate, but, unless you’ve jailbroken your device, it’s not likely to be caused by a virus or malware. Try backing up your iPhone and perform a factory reset to see if your issues are resolved. If the strange behavior persists, then consider visiting an Apple Store and ask them to take a look for you.
There are some good iPhone security apps out there and VPN apps can be a good idea, but these options are really focused on your privacy more than anything else. For the most part you don’t have to worry about a virus or malware on your iPhone if you stick to the Apple App Store.
“Unless a person jailbreaks their device, they won’t be able to install unchecked third-party apps,” Morgenstern said.
So, if you’re worried about staying safe, the answer is simple:
“Don’t jailbreak the device and always install updates as soon as they become available to fix existing security vulnerabilities.”