Can you get malware on your iPhone? Here’s a guide to Apple iOS security.

Next story

At ESET, some of the most common questions we are asked include:

“Why aren’t there antivirus products for Apple iPhones?”

“What’s the best antivirus for Apple iPad?”

“How do I scan an iPhone for malware?”

For many of us, our favourite mobile device is rather like an extra limb - we feel strange, anxious, or even lost without it. We carry years’ worth of personal information, photos, contacts and apps around on our phones - so it’s no wonder that, with so much to lose, mobile security is quickly becoming a huge priority.

Today, the risk of malware for laptops and PCs is well known, and more and more people are investing in antivirus software for their PCs or laptops for protection. We even offer antivirus and internet security for Macs. There’s also a wide range of excellent mobile security solutions and apps available for Android smartphones.

But what about iPhones?

To help you feel confident and secure in using your iOS device, here's what you need to know.


Android vs iPhone security explained

To help paint a picture of iPhone and iPad mobile security, let’s first compare iOS with Android – the latter, as we know, has far more cybersecurity apps on the market than does iOS.

Android-powered devices are, in general, much more susceptible to malware than iPhones. This is due to the more permissive nature of the Android Operating System (OS), including options to disable some of its native protective features. Further, there are many versions of the Android OS, and generally carriers or device manufacturers - rather than Android’s developer, Google - decide when operating system security updates are distributed.

In contrast, Apple manufactures iPhones and iPads, is the developer of iOS, and Apple - rather than the carriers - dictates when device owners should update their iOS software, and provides patches much more frequently.

iOS and Android apps are executed in secure environments - called “sandboxes” - but on iOS, these sandboxes are more thoroughly separated from other apps’ data and operating system internals. Remember, this only applies to Apple’s iOS devices  - iPhones and iPads - not Macs. This means that under iOS, it’s far more difficult for a malicious app to hack or infect anything, as it usually isn’t permitted to get close enough to breach another app’s data.

Having said this - security researchers at Google have just revealed a “website hack” campaign exploiting iPhones en masse, highlighting “a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone’s web browser, five for the kernel and two separate sandbox escapes.”

Apple issued software fixes to address these flaws back in February - but the attack does call the assumed security of iOS devices into question, and there will undoubtedly be more to come on these findings. For now, if you are an iPhone user, you should ensure your device is running the latest version of iOS to make sure you are protected.


So, why are there no security products for iPhones?

Apple doesn’t permit any true security apps of the sort we’re familiar with for PCs and Macs, to be distributed via the App Store. In fact, the security restrictions enforced by Apple’s iOS design mean that comprehensive endpoint security apps can’t be created for iOS.

To work effectively, any antivirus or similar security solution must be able to access the data of other apps in order to monitor and intervene if an app’s behaviour becomes suspicious. Hence, ESET does not offer a security product for iPhones and iPads. If you trust that Apple can provide the same level of protection as a specialist security developer, then this design limitation might not concern you.

Any “antivirus apps” you do see on the App Store are not, in fact, proper antivirus apps - they may provide other helpful security features such as anti-phishing, VPN connections, parental controls, password managers, and ad blockers, but they are not able to scan your iOS device and apps for malware. Further, these apps mostly only provide an alternative implementation of functionality Apple already provides with iOS.

Of course, the level of mobile security provided by iOS doesn’t apply to a “jailbroken” device - where someone bypasses the OS’s restrictions and takes full control of the device. However, the majority of iPhones and iPads aren’t jailbroken, with more recent versions of iOS presenting a greater challenge to the crackers. ESET strongly advises against jailbreaking your phone.


Can you get malware on your iPhone?

While iPhones are typically more secure than Android devices, there is still the potential for a breach of some kind - as demonstrated by Google’s recent “website hack” discovery, which has effectively dispelled the belief that iPhones are not susceptible to any serious security breaches. In addition, other non-malware cybersecurity threats such as phishing, network data breaches, and privacy threats, that mainly depend on social engineering rather than flaws in the design or software, are still very real risks for iPhone users.

Your best defence is to ensure you follow mobile security best practice. Create strong, unique passwords for your iPhone, apps and online services, and enable two-factor authentication where possible (all contemporary iPhone and iPad models have biometric (fingerprint) options built into the device so this should be straightforward for developers). Only install apps you trust, and don't click on unknown attachments or suspicious links in emails or on the web.

Also, be aware that while you might consider Apple to be a trustworthy and responsible vendor when it comes to handling your personal data, that does not mean that all other iOS app developers are as trustworthy. Always be cautious providing personal data to others, read about the permissions their apps require and read their privacy policies so you understand what they want to do with your data.

Finally, ensure you make the most of the iOS security system and stay protected with the latest Apple updates:

1. Open up your Settings app and the open “General.”
2. Open "Software Update."
3. Ensure you’ve installed the latest iOS update - the app will say “Your software is up-to-date” if so.
4. Check that "Automatic Updates" is turned on, so that your iPhone or iPad can install updates without you needing to worry, and be sure to heed warnings about plugging the device into a power source to allow updates to be installed in as timely a fashion as possible.


Maintaining mobile security best practice

Whether you have an iPhone or an Android device, our mobile devices play a big part in today’s digital world - it’s hard to imagine life without them. To help you feel confident and secure using whatever device you want, ESET provides a wide array of award-winning malware protection, anti-theft and privacy protection features to keep you safe.