iPhone - Is there any real need for an antivirus/security suite on these devices?

britechguy

I know this isn't exactly "repair," but it is smartphone related and seems better placed in this forum.

I have no idea what, if any, security measures Apple has probably already built in on iPhones because I've never had one and will never have one. In the Android world, it's not "true viruses" that are the problem but malicious apps that data mine/steal, and those have declined quite a bit with the advent of Play Protect.

I have a client asking about this, which I personally think is a load of hoo-ha. But I wanted to turn to the wisdom of the cohort before coming right out and saying, "This is a load of hoo-ha and avoid it like the plague."

I just don't know what is considered "best practice" as far as any additional defensive measures of the app sort on the iPhone or Android. I have Lookout on my Android phone only because it kinda "came with" my T-Mobile service, but just like Windows Security, it's never found anything because my practices for interacting with cyberspace just haven't allowed me to "catch" anything in a very, very, very long time.
 
As long as it isn't jailbroken it is very difficult to infect an iPhone. The AppStore is a walled garden and root access is not allowed for the end-user. As long as you keep it up to date on the latest version of iOS you are fine.

Android on the other hand can sideload apps and Google hasn't been as good at policing the PlayStore compared to Apple. And unless you are running a Pixel it is unlikely you have the latest updates from Google. Other manufacturers just don't keep them up to date. So I run nothing on my iPad and run Malwarebytes on my Samsung phone.
 
Android on the other hand can sideload apps

Just a side note that while it can, it doesn't have itself set up to do this by default, and hasn't for quite a long time.

It's mostly the "geek contingent" that does sideloading, and always has been. But your point is taken, as the rare, clueless end user could easily tweak these settings and sideload were they determined to do so.
 
Just a side note that while it can, it doesn't have itself set up to do this by default, and hasn't for quite a long time.

It's mostly the "geek contingent" that does sideloading, and always has been. But your point is taken, as the rare, clueless end user could easily tweak these settings and sideload were they determined to do so.
Not really. On most Androids, if you download an app it will prompt you to disable the sideload block. If you are dumb enough to be phished in the first place it isn't hard to lead you down the path to enabling sideload.
 
Most androids if you download an app it will prompt you to disable the sideload block.

If you're downloading an app from other than the Play Store, you're already outside the realm that most end users inhabit.

One thing I do deal with, a lot, is Android smartphones, including my own, and a very great many users have no idea that apps are available from other than the Play Store, and any third-party developer "that is playing with the big boys" directs to the Play Store to download. I haven't had a client attempt to sideload anything in I can't even say how long. And I, myself, have not attempted to sideload anything in a very long time. The only time I have done that is when I was playing around with rooting older devices.
 
Also, many users don't know about the Play Store, but they do know that they want TikTok or Instagram. So they Google it. Or someone mentions viruses and they go to a website similar to the one in your OP that has a malware download. Don't underestimate the stupidity of end-users.
 
@nlinecomputers

I'm not underestimating the stupidity of end users, and don't generally put anything past them. In this case, however, I have years of observational data, and the vast majority wouldn't know what sideloading was or go anywhere but the Google Play Store to snag apps. One of the first things they tend to learn about, usually from a friend, when they hop on the Android bandwagon is the Google Play Store. There's plenty of trouble they can get into there already.

That could be different for you, but what I state above is my direct experience.
 
Not if it is a drive by download.

Which cannot happen with default Android settings for a long time now. I won't say that none are stupid enough to confirm a sideload in an attempted drive-by, but most will look and say, "I didn't ask for that," if they don't recognize what in the heck it is and it just pops up and refuse it.
 
In my experience most people don't know how to get apps outside of the Play Store; most have a hard enough time finding the most basic apps in the stores.
 
Yeah Apple does a good job of keeping the cruft off their store, and even if you install a malicious app you have to give it permission to do stuff. The sandbox is pretty good. It's not fail proof... but it's pretty good.

The larger problem is due to the way the sandbox Apple uses works, and the same applies to Android by the way... You don't have access to root on the device, and as such any anti-malware you attempt to use cannot really audit the system correctly because IT doesn't have root either!

Now here's the rub... there ARE vulnerabilities that apply to mobile devices, and if your device is breached via one of them the malware has root, and nothing else does... in these cases the malware can and will survive even a factory reset. The only way to clear the device is to push a fresh image over the thing, which Apple specifically basically doesn't allow you to do.

So no, anti-malware on a phone is pointless in general.
You have no guaranteed security unless you're using an Apple iPhone, or Google Pixel device.
And even if you are using one of those two device lines, the security you receive is technically worse than what you get on a typical Windows installation with monthly security patching and Defender.

Right to repair is required...

P.S. Android and iOS have been breachable via specially formatted SMS messages in the past. The attack surface is not limited to the app store, it's the exact same surface we deal with on a Windows platform. That's USB attached devices, random executables, web deployed malware, everything.
 
From what I remember reading over the years there's only been a handful of "exploits" in the iOS ecosystem. And I use that loosely since most, if not all, weren't actually real exploits but Proof of Concept about getting malware into that walled garden. Other vectors? Different story. Just like a computer if a black hat can get their hands on a device a whole new world of opportunities opens up. To be honest I don't give it a second thought for iOS devices. Jailbreaking is far from simple, even difficult for many savvy computer users. My biggest worry is the ease at which EU's do incredibly stupid things. Like sending an account name and password in an email. Or yelling it into it while on speaker phone, in public. Or letting everyone in ear shot know they use the same username and password for "everything". LOL
 
Most AV apps I have seen for iOS just check to make sure basic security settings are in place and warn you about being on unsecured networks.

They probably are worse than nothing because they give you a false sense of security, but can’t do anything outside their sandbox.
 
@Markverhyden https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html

Read and update your brain please... there are far more than a "handful". It's almost as colorful as Windows in there.

It's an OS, with software on it, it has all the same issues associated therein. The only difference that Android / iOS bring to the table is vendor lock that prevents us mere mortals from getting admin. The bad guys get admin... we don't.

Therefore the platforms are insecure by default, and impossible to be secured.

I do give Apple credit though... they actually patch their crap. Google does too, but the hardware vendors between Google and us tend to prevent the flow of updates, which is a HUGE issue.
 
hardware vendors between Google and us tend to prevent the flow of updates, which is a HUGE issue.

Yup, and what's funny is that some of the biggest names are the worst offenders. I've had the flagship model from "the world's most popular Android smartphone maker" and the pace of updating was glacial and shameful.

Contrast that with my Chinese made Xiaomi devices, meant for the global market as they have very little presence at all in the US market, that have consistently gotten MIUI updates every couple of months while the devices are in support. Just got one a short while back and it's on the Android security update for 2021-12-01, and in the world of Android security updates if that's not the very latest it's very close. It's also gone from Android 10 to Android 11 and I fully expect Android 12 to be pushed to it as well. All at about 1/5th the price of the popular flagship phones.
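Since the thread keeps coming back to two concrete, checkable things (how current the Android security patch level is, and whether the legacy "unknown sources" install switch is on), here is an added example, not posted by anyone in the thread, of a small Python script that evaluates both from captured `adb shell getprop` and `adb shell settings get secure install_non_market_apps` output. The sample output embedded below is constructed to mirror adb's format so the script runs offline; the 90-day threshold is an assumption.

```python
"""Assess an Android device's patch currency and legacy sideload switch.

Input is the text of `adb shell getprop` and the value returned by
`adb shell settings get secure install_non_market_apps` (a legacy switch;
Android 8+ also has per-app "install unknown apps" grants that this does
not cover). All sample data here is constructed for an offline run.
"""
import re
from datetime import date

# Constructed sample of `adb shell getprop` output (only the lines used here).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [11]
[ro.build.version.security_patch]: [2021-12-01]
[ro.product.manufacturer]: [ExampleVendor]
"""

# Constructed sample of the legacy unknown-sources switch ("0" = disabled).
SAMPLE_UNKNOWN_SOURCES = "0"

# getprop prints every property as "[key]: [value]", one per line.
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$", re.M)


def parse_getprop(text):
    """Turn getprop's '[key]: [value]' lines into a dict."""
    return {m.group("key"): m.group("val") for m in PROP_RE.finditer(text)}


def patch_age_days(props, today_iso):
    """Days between the declared security patch level and today_iso (YYYY-MM-DD)."""
    patch = date.fromisoformat(props["ro.build.version.security_patch"])
    return (date.fromisoformat(today_iso) - patch).days


def assess(props, unknown_sources, today_iso, max_age_days=90):
    """Return a list of findings; an empty list means nothing to flag."""
    findings = []
    age = patch_age_days(props, today_iso)
    if age > max_age_days:  # assumed threshold: a vendor skipping ~3 monthly bulletins
        findings.append(f"security patch level is {age} days old (>{max_age_days})")
    if unknown_sources.strip() == "1":
        findings.append("legacy 'unknown sources' install switch is enabled")
    return findings


if __name__ == "__main__":
    props = parse_getprop(SAMPLE_GETPROP)
    for finding in assess(props, SAMPLE_UNKNOWN_SOURCES, "2022-01-15"):
        print("FLAG:", finding)
```

To run it against a real handset, replace the two sample values with the output of the adb commands named in the docstring.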
 
Since there is virtually no API or hooks for an AV on iOS, there is little protection to be gained.

Dec 2021 - Zero-Click NSO Group's Pegasus broke through sandbox, buffer overflow and remote code execution - 50,000+ affected/targeted https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html

Dec 2020 - AWSL (Wireless attack zero-click) was being sold on the internet for almost a year before Apple picked up on it. Full Kernel access.

Sep 2021 - Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait
"To me, the bigger takeaway is that Apple is shipping iOS with known bugs," Wardle continued, noting that IllusionOfChaos claims to have reported the bugs months ago. "And that security researchers are so frustrated by the Apple Bug Bounty program they are literally giving up on it, turning down (potential) money, to post free bugs online."

2019 Metasploit Zero-Click iMessage Demo:

2014 Metasploit Cydia Zero Click Exploit Demo:

Bottom line, there are at least 3 unfixed, unreported Zero-Day Zero-Click exploits on the Dark Webz or Github right now that I know about, personally (That are at least being sold as such).

 
Therefore the platforms are insecure by default, and impossible to be secured.

I do give Apple credit though... they actually patch their crap. Google does too, but the hardware vendors between Google and us tend to prevent the flow of updates, which is a HUGE issue.
This +100
 
Thank you, one and all, for your input.

"The gist of it," which matches my initial impression, has been communicated in businesslike wording.
 