It’s an age-old idea that Windows and Android devices are insecure messes just waiting to pick up a virus, while Macs and iPhones are immune to such threats. And while Android can indeed pick up malware, smart habits will protect the majority of users.
On the Apple side of the fence, you have to act quite foolishly to infect your Mac. But what about iOS? Can your iPhone really get a virus? Let’s look at the facts.
Viruses and Malware Defined
Before we discuss viruses on iOS—the operating system that powers iPhones, iPads, and iPod Touchs—it’s important to note what these terms mean. Most people use the word virus to refer to any kind of nasty software, but this isn’t technically correct.
Malware is the standard catch-all for malicious software. A virus proper usually infects a computer via installing software, then spreads infection around your device by replicating itself. Eventually, viruses spread to other machines too. While viruses were wildly popular decades ago, they’re not the most common type of malware seen today.
Adware, software that spawns tons of advertisements, has become popular through shady download sites and browser extensions. Spyware monitors your data and send it off to advertising companies. Ransomware locks up your PC and demands payment to get your files back.
To simplify our discussion, we’ll discuss the possibility of any kind of malware on iOS, not just actual viruses.
What Does iOS Do to Keep You Safe?
Let’s look at the features built into iOS to see why iOS typically doesn’t suffer from viruses.
App Store Controls
Apple’s infamous “walled garden” approach to iOS apps keeps its users safe. Unlike Android, where you can “sideload” apps you’ve downloaded from anywhere, the only official way to install iOS apps is through the App Store.
And in theory, this means that the millions of apps available are all safe. Apple reviews every app any developer submits to the App Store by hand. If it finds malicious code or dangerous behavior, it rejects malicious apps.
This system isn’t perfect, but it weeds out the majority of dangerous apps that would otherwise be available for anyone to download.
iOS uses a security practice known as sandboxing to make sure apps can’t overstep their bounds. Essentially, this prevents any app you install from accessing data from any other apps.
In addition, nearly all apps run under a limited account on iOS. Without access to the root (administrator) account, apps can’t modify system settings and cause damage.
In effect, this means that even if you did manage to install a rogue app, it wouldn’t have complete access to the OS and files.
Timely iOS Updates
Keeping your operating system up to date is one of the best ways to protect against malware. This is another area in which iOS has a huge advantage over Android.
This isn’t the case with Android. A fragmented update cycle means that most users wait months for updates, and some never see them at all. Thus, by keeping their phones updated, iPhone users stay safe from old exploits.
Examples of iPhone Malware
We’ve established that iOS is secure for several reasons. Because of these factors, and due to Android’s widespread use, it’s no surprise that Android is the majority target of mobile malware.
But that doesn’t mean iOS is completely invulnerable. Here are a few real examples of iPhone malware (the iPhone Wiki has even more):
- In early 2017, WikiLeaks released information on methods that the CIA had used to break into iOS devices. Apple stated that it has patched these.
- In September 2015, Apple revealed that hundreds of Chinese-made iOS apps were harboring malware. This was due to developer using a counterfeit version of the development environment Xcode, which is available for free from Apple.
- Several developers in China downloaded altered copies of Xcode, known as XcodeGhost, and unknowingly injected malware into their apps. Apple removed the affected apps from the App Store.
- Before iOS 10.3, Safari was vulnerable to popup abuse. Malicious websites could spam dialogue boxes to lock up the browser, demanding payment via iTunes gift cards to unlock it. This didn’t actually lock the device, however, as savvy users could clear the browser cache to end the freeze.
- Xsser mRAT was a Trojan from late 2014 that could infect jailbroken devices and expose nearly all of their information.
These are just a handful of examples. And while none of these were horrific vulnerabilities that could affect every iPhone user, they still show that iOS isn’t impenetrable.
Problems Not Caused by Malware
Your iPhone can run into a few issues that seem like viruses, but really have nothing to do with them.
If your phone is running slowly, you probably need to free up some space or replace your battery due to Apple’s throttling. Seeing ads in Safari is an unfortunate reality of browsing the web, but most aren’t invasive or malicious.
And don’t forget about multi-device vulnerabilities like KRACK that affected iPhones before Apple patched them.
Jailbreaking Is a Security Risk
So the average iPhone user is probably never going to see malware on their phone. But we haven’t addressed the biggest security concern for iOS users: jailbreaking.
If you’re not familiar, jailbreaking allows you to gain access to administrator privileges on your iPhone to get around Apple’s restrictions. On a jailbroken iPhone, you can install apps from anywhere and tweak the OS in ways not normally possible.
While this gives you more tools to play with, it also greatly increases your vulnerability to attack. With fewer of Apple’s protections in place, a jailbroken iPhone user could install infected apps or fall victim to an attack.
Jailbreaking has dropped in popularity, partially because iOS allows users to do more out of the box than it once did. Apple’s increased security has also contributed; developers have to come up with new ways to jailbreak every iOS version.
Thus, jailbreaking isn’t worth the effort or risk nowadays.
What About iOS Antivirus Apps?
You might wonder why the App Store has plenty of antivirus apps available if there’s little risk of malware on iOS. When you take a look at these apps, however, it’s evident that they really don’t provide any utility.
Apps like Lookout, Avira, and Norton don’t actually scan for viruses on your iPhone. They can’t do this due to the sandboxing we discussed earlier. Yet most offer a similar set of features, including:
- Phone locator and alarm
- Protection from dangerous websites
- Notifications about iOS updates
There’s one problem with this: you already have access to all these features!
The Find My iPhone feature is built into iOS and lets you locate your phone or sound an alarm. Safari and other iOS browsers display warnings if you visit shady sites. And you’ll see a badge on the Settings app when an iOS update is available.
Other features, like VPNs and monitoring your financial accounts, are best left to dedicated apps. While these “antivirus” apps aren’t malicious, they’re at best duplicates of existing features that you don’t need. But at least they offer some features.
In 2017, Apple removed many fake antivirus apps from the App Store. These placebo apps claimed to scan for viruses, but Apple updated its guidelines to prevent developers from marketing an app “as including content or services that it does not actually offer.”
Your iPhone Should Never Get Malware
Now that we’ve examined all the angles of malware on iOS, we can answer the question: can your iPhone get viruses?
While it’s theoretically possible for iPhones to pick up malware, with a small amount of common sense, your iPhone should never get a virus.
If you avoid jailbreaking your device, install iOS updates in a timely manner, and only install trusted apps, you’ll keep your iPhone malware-free. While there’s a minuscule chance of installing an infected app similar to XcodeGhost, avoiding no-name apps and developers will help you stay away from these.
iOS has rock-solid protections in place that make it difficult to break into. And when vulnerabilities have come up, Apple is typically quick to patch them. You can rest assured that your iPhone is secure.