Can you get malware on your iPhone? Here’s a guide to Apple iOS security.

Next story

If your phone is running slowly or acting out of character, you may be wondering how to know if your phone is hacked and how to tell if your phone has a virus. While it’s not so common on iPhones, it does happen, so it’s important to protect your smartphone data as best as possible. At ESET, some of the most common questions we are asked include:

“How do I scan for phone viruses?”

“Can data be stolen from your phone?”

“Why aren’t there antivirus products for Apple iPhones?”

For many of us, our favourite mobile device is rather like an extra limb - we feel strange, anxious, or even lost without it. We carry years’ worth of personal information, photos, contacts and apps around on our phones - so it’s no wonder that, with so much to lose, mobile security is quickly becoming a huge priority.

Today, the risk of malware for laptops and PCs is well known, and more and more people are investing in antivirus software for their PCs or laptops for protection. We even offer antivirus and internet security for Macs. There’s also a wide range of excellent mobile security solutions and apps available for Android smartphones.

But what about iPhones? Can iPhones get viruses from websites? To help you feel confident and secure in using your iOS device, here's what you need to know.


Android vs iPhone security explained

To help paint a picture of iPhone and iPad mobile security, let’s first compare iOS with Android – the latter, as we know, has far more cybersecurity apps on the market than does iOS.

Android-powered devices are, in general, much more susceptible to malware than iPhones. This is due to the more permissive nature of the Android Operating System (OS), including options to disable some of its native protective features. Further, there are many versions of the Android OS, and generally carriers or device manufacturers - rather than Android’s developer, Google - decide when operating system security updates are distributed.

In contrast, Apple manufactures iPhones and iPads, is the developer of iOS, and Apple - rather than the carriers - dictates when device owners should update their iOS software, and provides patches much more frequently.

iOS and Android apps are executed in secure environments - called “sandboxes” - but on iOS, these sandboxes are more thoroughly separated from other apps’ data and operating system internals. Remember, this only applies to Apple’s iOS devices  - iPhones and iPads - not Macs. This means that under iOS, it’s far more difficult for a malicious app to hack or infect anything, as it usually isn’t permitted to get close enough to breach another app’s data.

Having said this - security researchers at Google have just revealed a “website hack” campaign exploiting iPhones en masse, highlighting “a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes.”

Apple issued software fixes to address these flaws back in February - but the attack does call the assumed security of iOS devices into question, and there will undoubtedly be more to come on these findings. For now, if you are an iPhone user concerned about breaches and malware on phones, you should ensure your device is running the latest version of iOS to make sure you are protected.


So, why are there no security products for iPhones?

Apple doesn’t permit any true security apps of the sort we’re familiar with for PCs and Macs, to be distributed via the App Store. In fact, the security restrictions enforced by Apple’s iOS design mean that comprehensive endpoint security apps can’t be created for iOS.

To work effectively, any antivirus or similar security solution must be able to access the data of other apps in order to monitor and intervene if an app’s behaviour becomes suspicious. Hence, ESET does not offer a security product for iPhones and iPads. If you trust that Apple can provide the same level of protection as a specialist security developer, then this design limitation might not have you worried about malware on phones.

Any “antivirus apps” you do see on the App Store are not, in fact, proper antivirus apps - they may provide other helpful security features such as anti-phishing, VPN connections, parental controls, password managers, and ad blockers, but they are not able to scan your iOS device and apps for malware. Further, these apps mostly only provide an alternative implementation of functionality Apple already provides with iOS.

Of course, the level of mobile security provided by iOS doesn’t apply to a “jailbroken” device - where someone bypasses the OS’s restrictions and takes full control of the device. However, the majority of iPhones and iPads aren’t jailbroken, with more recent versions of iOS presenting a greater challenge to the crackers. ESET strongly advises against jailbreaking your phone.


The dangers of malware on phones

If you’re concerned about your Android, it’s good to know how to check if your phone is hacked, and how to find spyware on phones. Strange pop-ups, calls not made by you, higher-than-normal data usage, and a battery that’s draining really quickly are all signs that your security has been breached.

If you’re concerned about malware, it’s wise to run trusted software on your phone. Make the most of ESET’s malware protection, anti-theft, and privacy protection features. With over 110 million users worldwide and the offering of a 30-day free trial, ESET is considered highly trustworthy.


The best mobile security practices for iPhone virus protection

While iPhones are typically more secure than Android devices, there is still the potential for a breach of some kind - as demonstrated by Google’s recent “website hack” discovery, which has effectively dispelled the belief that iPhones are not susceptible to any serious security breaches. In addition, other non-malware cybersecurity threats such as phishing, network data breaches, and privacy threats, that mainly depend on social engineering rather than flaws in the design or software, are still very real risks for iPhone users.

Your best defence is to ensure you follow mobile security best practices. Create strong, unique passwords for your iPhone, apps and online services, and enable two-factor authentication where possible (all contemporary iPhone and iPad models have biometric (fingerprint) options built into the device so this should be straightforward for developers). Only install apps you trust, double-check app permissions, and don't click on unknown attachments or suspicious links in emails or on the web.

Also, be aware that while you might consider Apple to be a trustworthy and responsible vendor when it comes to handling your personal data, that does not mean that all other iOS app developers are as trustworthy. Always be cautious about providing personal data to others, research their app permission requirements, and read their privacy policies so you understand what they want to do with your data.

Finally, ensure you make the most of the iOS security system and stay protected with the latest Apple updates:

  1. Open up your Settings app and the open “General.”
  2. Open "Software Update."
  3. Ensure you’ve installed the latest iOS update - the app will say “Your software is up-to-date” if so.
  4. Check that "Automatic Updates" is turned on, so that your iPhone or iPad can install updates without you needing to worry, and be sure to heed warnings about plugging the device into a power source to allow updates to be installed in as timely a fashion as possible.


How do I protect myself from number spoofing?

Receiving a phone call from an unknown number is often a concern, especially when you’re worried about a phone being spoofed. Number spoofing is when someone fakes their caller ID, often to make it look like a local business or person’s phone number. Many people avoid answering these calls, aware that there could be some dangers. It prompts the question: “Can your cell phone be hacked by answering a call?”

The good news is that it’s incredibly hard for hackers to access your phone via a call, but it does happen. Learning how to secure a phone from hackers is easy, too. You simply need to increase your call security settings on your iPhone or Android to limit calls to only the contacts in your address book and all other calls are sent to voicemail.

Maintaining mobile security best practice

Whether you have an iPhone or an Android device, our mobile devices play a big part in today’s digital world. It’s hard to imagine life without them, so it’s crucial to understand the possibilities and limitations of malware on phones. To help you feel confident and secure using whatever device you want, ESET provides a wide array of award-winning malware protection, anti-theft, and privacy protection features to keep you safe. Consider starting our 30-day free trial for mobile security today so you can make sure your data is secure as soon as possible.