How do I change the above trust level if it is a concern and does the above indicate that my phone might have been hacked
iPhone 8, iOS 13
Hey Leonidus77,
It sounds like you have some questions about root certificates on your iPhone. We can understand wanting to know more about that. We want to help.
Some root certificates are trusted automatically as they are a part of iOS. You can learn more about that here: Available trusted root certificates for Apple operating systems
You may have a profile installed on your iPhone or enrolled in Mobile Device Management. This is often the case if the iPhone is associated with a school or business. A profile or Mobile Device Management can add trusted certificates and change the available options that you can adjust in Settings. You can check to see if you have a profile installed in Settings > General > Device Management. You can learn more about that here: Install a configuration profile on your iPhone or iPad
Thanks!
Hey Leonidus77,
It sounds like you have some questions about root certificates on your iPhone. We can understand wanting to know more about that. We want to help.
Some root certificates are trusted automatically as they are a part of iOS. You can learn more about that here: Available trusted root certificates for Apple operating systems
You may have a profile installed on your iPhone or enrolled in Mobile Device Management. This is often the case if the iPhone is associated with a school or business. A profile or Mobile Device Management can add trusted certificates and change the available options that you can adjust in Settings. You can check to see if you have a profile installed in Settings > General > Device Management. You can learn more about that here: Install a configuration profile on your iPhone or iPad
Thanks!
Leonidus77 wrote:
Hi Lawrence, thank you for that, but if that is the case, why can I not change the trust level of the root certificates? I did some reading and this is what I found. I refer to the last paragraph in the attached screenshot.
You can’t change the trust level of Apple installed certificates. If you install your own certificates you can change the trust level. There is no switch on my phone to change trust level, and there shouldn’t be on yours either.
The only way your phone can be jailbroken is if someone who knows how to do it has physical possession of the phone while it is unlocked. They would need 15-30 minutes. If you think this is a possibility restore the phone to factory settings—>Restore your iPhone, iPad, or iPod to factory settings - Apple Support and do not restore your backup.
I have taken screenshots of the General option of the settings menu on my device and this is all I have.
Hi Lawrence, thank you for that, but if that is the case, why can I not change the trust level of the root certificates? I did some reading and this is what I found. I refer to the last paragraph in the attached screenshot.
Thank you Lawrence, that might just be what I was looking for in all this.
It defnitely is possible that someone could have done what you mentioned if I think about it.
but I have also just discovered this and it mentions a profile.
Hi Mario
Thank you very much for responding. I am extremely concerned about the current situation as I believe that my phone has been compromised and that someone else is indeed managing my device remotely.
This iPhone 8 is a phone that I acquired for personal use and which I got brand new from my service provider.
When I went to Settings - General- I cannot find any option showing me Device Management and I was wondering if it would be possible for that option to be hidden from me in the event that my suspicion were to be true and how would I go about figuring out if my device is managed and by who?
Unless you jailbroke your phone it cannot be compromised or controlled remotely. It is also not possible to hide profiles, and your screen shot shows that you have no profiles installed on your phone.
In regard to the jail breaking of the phone, I don’t know how to do something like that, but it is possible that my phone might have been unsupervised and that someone might have been able to do that. How do I check if my phone has been jail broken?
Hey Leonidus77,
It sounds like you still have some security concerns about your device. We can understand wanting to look into that further.
For the best assistance going forward, we'd recommend getting in touch with Apple Support here: Get Support
Thanks!
Your phone might enrolled under a Mobile Device Management program. This would normally be phones that were actually issued by or registered by an organization that participates in Apple Business Manager or Apple School Manager. If so then there is no way around it. If you ever actually reset the phone to factory settings you would see a screen stating that the phone is under Mobile Device Management and the name of the organization that “owns” it. this would not show up as a device management profile. Instead the phone is registered with Apple as owned by the organization.
Leonidus77 wrote:
Okay, I can’t find that screenshot, but this is what I discovered when I tried to use safari on my phone last week
That simply means that the specific site you are accessing does not have a valid TLS certificate. It has nothing to do with the certificate store on your phone.
Was the phone originally sold for use in China? If so that is probably the PRC-required profile.
This phone was part of a contract that I took with a local service provider here in South Africa where I stay. It was brand new out of the box and was not supposed to be under any type of device management. It is for my own private and personal use. I have not given anybody permission to manage my device.
The other strange thing I notice is that my country keeps jumping to the USA even though I change it to RSA daily, I refer to the location at the bottom of the Apple support site pages
Okay, I can’t find that screenshot, but this is what I discovered when I tried to use safari on my phone last week
I found that in the about section under the trusted certificates section
The certificate mentioned in that section today, differs from what it was yesterday, let me check as I also took a screenshot yesterday
In settings on my iPhone 8 full trust for root certificates has been enabled/ toggled as on. This option to toggle it as off has been greyed out and I cannot acces this selection to turn this trust level of root certificates to off.
