It’s an age-old idea that Windows and Android devices are insecure messes just waiting to pick up a virus, while Macs and iPhones are immune to such threats. And while Android can indeed pick up malware, smart habits will protect the majority of users.
Viruses and Malware Defined
Before we discuss viruses on iOS—the operating system that powers iPhones, iPads, and iPod Touchs—it’s important to note what these terms mean. Most people use the word virus to refer to any kind of nasty software, but this isn’t technically correct.
Malware, or malicious software, is any program or file that is harmful to a computer user. Malware includes computer viruses, worms, Trojan horses and spyware. These malicious programs can perform a variety of functions, including stealing, encrypting or deleting sensitive data, altering or hijacking core computing functions and monitoring users’ computer activity without their permission.
Adware is the name given to programs that are designed to display advertisements on your computer, redirect your search requests to advertising websites and collect marketing-type data about you – for example, the types of websites that you visit – so that customised adverts can be displayed.
Adware – that collects data with your consent – should not be confused with Trojanspyware programs that collect information, without your permission. If Adware does not notify you that it is gathering information, it is regarded as malicious – for example, malware that uses Trojan-Spy behaviour.
What Does iOS Do to Keep You Safe?
Let’s look at the features built into iOS to see why iOS typically doesn’t suffer from viruses.
App Store Controls
Apple’s infamous “walled garden” approach to iOS apps keeps its users safe. Unlike Android, where you can “sideload” apps you’ve downloaded from anywhere, the only official way to install iOS apps is through the App Store.
And in theory, this means that the millions of apps available are all safe. Apple reviews every app any developer submits to the App Store by hand. If it finds malicious code or dangerous behavior, it rejects malicious apps.
This system isn’t perfect, but it weeds out the majority of dangerous apps that would otherwise be available for anyone to download.
iOS uses a security practice known as sandboxing to make sure apps can’t overstep their bounds. Essentially, this prevents any app you install from accessing data from any other apps.
In addition, nearly all apps run under a limited account on iOS. Without access to the root (administrator) account, apps can’t modify system settings and cause damage.
In effect, this means that even if you did manage to install a rogue app, it wouldn’t have complete access to the OS and files.
Timely iOS Updates
Keeping your operating system up to date is one of the best ways to protect against malware. This is another area in which iOS has a huge advantage over Android.
When Apple releases a new version of iOS, all compatible devices get it right away. Look at the breakdown of iOS installations, and you’ll see that the majority of users run the latest version.
This isn’t the case with Android. A fragmented update cycle means that most users wait months for updates, and some never see them at all. Thus, by keeping their phones updated, iPhone users stay safe from old exploits.
Examples of iPhone Malware
We’ve established that iOS is secure for several reasons. Because of these factors, and due to Android’s widespread use, it’s no surprise that Android is the majority target of mobile malware.
But that doesn’t mean iOS is completely invulnerable. Here are a few real examples of iPhone malware (the iPhone Wiki has even more):
- In early 2017, WikiLeaks released information on methods that the CIA had used to break into iOS devices. Apple stated that it has patched these.
- In September 2015, Apple revealed that hundreds of Chinese-made iOS apps were harboring malware. This was due to developer using a counterfeit version of the development environment Xcode, which is available for free from Apple.
- Several developers in China downloaded altered copies of Xcode, known as XcodeGhost, and unknowingly injected malware into their apps. Apple removed the affected apps from the App Store.
- Before iOS 10.3, Safari was vulnerable to popup abuse. Malicious websites could spam dialogue boxes to lock up the browser, demanding payment via iTunes gift cards to unlock it. This didn’t actually lock the device, however, as savvy users could clear the browser cache to end the freeze.
- Xsser mRAT was a Trojan from late 2014 that could infect jailbroken devices and expose nearly all of their information.
These are just a handful of examples. And while none of these were horrific vulnerabilities that could affect every iPhone user, they still show that iOS isn’t impenetrable.
Problems Not Caused by Malware
Your iPhone can run into a few issues that seem like viruses, but really have nothing to do with them.
And don’t forget about multi-device vulnerabilities like KRACK that affected iPhones before Apple patched them.
Jailbreaking Is a Security Risk
So the average iPhone user is probably never going to see malware on their phone. But we haven’t addressed the biggest security concern for iOS users: jailbreaking.
Jailbreaking means bypassing the restrictions Apple puts on the operating system and taking full control of the device. With a jailbroken device, you can install apps and tweaks that aren’t authorized by Apple, but you also remove the tough security protections that Apple has built into iOS.
The process of jailbreaking your iPhone, iPad or iPod touch is legal in the U.S. for the time being. What is certain is that Apple considers jailbreaking a violation of its warranty, so if something goes wrong during the process, it’s up to you to fix it.
(Jailbreaking is not the same as unlocking, which permits you to change carriers while keeping the same handset.)
If you’re not familiar, jailbreaking allows you to gain access to administrator privileges on your iPhone to get around Apple’s restrictions. On a jailbroken iPhone, you can install apps from anywhere and tweak the OS in ways not normally possible.
While this gives you more tools to play with, it also greatly increases your vulnerability to attack. With fewer of Apple’s protections in place, a jailbroken iPhone user could install infected apps or fall victim to an attack.
Jailbreaking has dropped in popularity, partially because iOS allows users to do more out of the box than it once did. Apple’s increased security has also contributed; developers have to come up with new ways to jailbreak every iOS version.
What About iOS Antivirus Apps?
You might wonder why the App Store has plenty of antivirus apps available if there’s little risk of malware on iOS. When you take a look at these apps, however, it’s evident that they really don’t provide any utility.
Apps like Lookout, Avira, and Norton don’t actually scan for viruses on your iPhone. They can’t do this due to the sandboxing we discussed earlier. Yet most offer a similar set of features, including:
- Phone locator and alarm
- Protection from dangerous websites
- Notifications about iOS updates
There’s one problem with this: you already have access to all these features!
The Find My iPhone feature is built into iOS and lets you locate your phone or sound an alarm. Safari and other iOS browsers display warnings if you visit shady sites. And you’ll see a badge on the Settings app when an iOS update is available.
Other features, like VPNs and monitoring your financial accounts, are best left to dedicated apps. While these “antivirus” apps aren’t malicious, they’re at best duplicates of existing features that you don’t need. But at least they offer some features.
In 2017, Apple removed many fake antivirus apps from the App Store. These placebo apps claimed to scan for viruses, but Apple updated its guidelines to prevent developers from marketing an app “as including content or services that it does not actually offer.”
Your iPhone Should Never Get Malware
Now that we’ve examined all the angles of malware on iOS, we can answer the question: can your iPhone get viruses?
If you avoid jailbreaking your device, install iOS updates in a timely manner, and only install trusted apps, you’ll keep your iPhone malware-free. While there’s a minuscule chance of installing an infected app similar to XcodeGhost, avoiding no-name apps and developers will help you stay away from these.
iOS has rock-solid protections in place that make it difficult to break into. And when vulnerabilities have come up, Apple is typically quick to patch them. You can rest assured that your iPhone is secure.