Many believe that iOS is the safest mobile operating system of all and that iPhone and iPad can't get viruses. These ideas derive from the fact that for a long time the malware developed to run on devices with iOS on board could be counted on the fingers of one hand. For years and years, hackers have snubbed the Apple world, focusing on the creation of viruses, trojans, adware and malware in general of all kinds dedicated to the Android world.
But today the situation is changing and iOS devices are also starting to be targeted by virus creators. Today, much more than yesterday, it is legitimate and almost necessary to ask whether iPhones and iPads can catch viruses. And, consequently, also ask yourself if it is necessary to install an antivirus on these devices. To give a serious answer to these questions, however, first we need to explain why many believe iOS to be a safe operating system "by design".
Because iOS is inherently safe
There are several reasons why iOS is deemed intrinsically safe. The first is certainly the fact that, unless you jailbreak your iPhone or iPad, it is impossible to download and install apps from alternative stores to the official Apple App Store. And, since there are fewer iOS apps than Android apps, Apple has much better control than Google of what is published: Developers submit their apps for approval, Apple tests them and decides whether or not to pass.
Furthermore, each iOS app runs inside a "sandbox", a sort of closed box from which the app cannot access other resources than those assigned to it. For this reason, it is impossible for an infected app to take control of parts of the memory that do not belong to it, to access files other than the predetermined ones, and so on.
Furthermore, as well as the latest versions of Android, even iOS now has a strict policy for granting permissions to apps: before an app can access the camera, memory and our files, the microphone and many other components of the smartphone appear. a notification asking the user to grant permission.
Finally, iOS has a very limited multitasking: in practice the apps can do almost nothing in the background and must be used one at a time. Consequently, it is very difficult for a virus to be able to do something dangerous while running in the background.
Offers FASTWEBFastwebNeXXt Mobile7.95 € per month until 09/01 90 GB 4 GB in EU and Switzerland Unlimited MIN 500 min in EU and Switzerland Discover our MOBILE offer without restrictions and without hidden costsmore
Viruses for iOS exist
In light of all this, however, we must not make the mistake of believing that iOS is invincible and unassailable by viruses. In October 2019, for example, Apple removed 18 infected apps from the App Store that had "escaped" it at first. Even Apple, therefore, is not an absolute guarantee of safety. It must be said, however, that the viruses contained in those apps were not very dangerous: they were adware, that is, viruses that make fraudulent clicks on advertising banners to defraud the advertising circuits. Nothing serious, therefore, for the user.
The real risk is Safari
In August 2019, Google's Project Zero researchers discovered 14 serious "zero-day" vulnerabilities (i.e. escaped from developers when writing the code) within the Apple operating system and the Safari web browser: 7 in iOS and 7 in Safari, to be precise. These vulnerabilities allowed viruses to spread through a compromised site, and two vulnerabilities allowed viruses to "escape the sandbox" and take control of iOS. And, this time, it wasn't just adware but spyware, password-stealing viruses and iCloud authentication tokens. But also to read iMessage, Skype, WhatsApp messages, e-mails, call list, GPS position and much more.
The problem with configuration profiles
There is also another risk that should not be underestimated, deriving from the so-called "Configuration Profiles" contained in the files with the .mobileconfig extension. These files are used to install a settings package on iOS, macOS, watchOS or tvOS and can change device settings, passwords, access permissions to proxy connections, VPN network, email and calendar settings.
Usually these files are used to standardize the settings of company mobile phones, so that employees simply have to turn on the smartphone and launch the file to be operational in a few minutes, without the intervention of a technician. Of course, however, these files are also a big risk: if a hacker manages to infiltrate the network of a company that uses configuration profiles, in fact, he can modify these files and change the parameters of tens, hundreds or even thousands without any effort. of devices.
Do you need an antivirus on iOS?
And here we are with the question that everyone has been asking for years: does it make sense to install an antivirus on iOS? The answer is no, but simply because the question has no reason to exist. In fact, there are no real antivirus for iOS, nor can there be. An antivirus, in fact, to really work must have unlimited access to the hardware of the device on which it runs and cannot be in a sandbox. There are also apps on iOS that are called "security", but in reality they can do little or nothing and, consequently, are absolutely useless.
January 5, 2020