Any idea why would my Trust Store Version be different? I have all recent updates.

According to Apple its correct and thats what they told me when i contacted them.Most of there devices on display has the same Certificate Trust Settings and so does my friends that has the IOS 14.6 installed.

That is nonsense. The trust store version is a read-only file that is integral with a specific iOS version, so by definition it is the correct version for whatever the iOS version is.

The trust store does not contain site certificates, it contains the signatures of the Certificate Authorities (CAs) that issue certificates. If iOS encounters a certificate that is not signed by a trusted CA it displays a warning that the certificate may not be valid.

That is how it was explained to me too at my local iStore and all of their devices on display had the same trust store versions.Its impossible that all these device including the device on display at the iStore are compromised.

Lol I’m guessing you are much more knowledgeable than Apple security engineers they would only be in the top tier of cyber security experts.

It has to do with the misuse of enterprise developer certificates for malicious activity. Not something the end user can change and requires secure documentation for anyone to request a change . Apple employees all have enterprise devices

Enterprise developer certificates have absolutely nothing to do with the Trust Store or the Trust Store version. They are not in the Trust Store, the are in Settings/General/Profiles. I think you are not understanding the difference. Yes, enterprise developer certificates are abused to allow installation of side-loaded apps not available in the App Store, but this has nothing to do with the trust store version.

Hi, Apple are checking YOUR Apple ID’s from the sounds of it. Which is absolutely useless because the third party developer would use their own Apple ID and login. The Developer account is a paid £200 a year subscription. A hacker won’t be paying for and using your own Apple ID to hack you. They’d be pushing to yours or multiple devices from their account that can push MDM’s. It’s the device itself they’re pushing to, not the interchangeable ID. The new MDM profile attaches to your phone on setup from Apple servers, making escape impossible.

From the Apple community help comment near the top, it sounds like the trust certificate number changes to show additional profiles have been added. I think that’s what we’re seeing. If the trust certificate has been altered, it allows fake DNS to be trusted. Developers can make HTTPS look authentic and all types of phishing, sending through their server first.

.xcarchive is the distribution file for an iOS app, sort of like a zip file. It’s what is actually downloaded when you buy an app. Once it is on your device it is “expanded” into the app itself and its associated settings and data. Normally it is deleted once the app is installed; if the installation is interrupted the file may not be deleted.

I have no idea. You really can learn very little from file names.

UPDATE: I did a little research, and it appears to be a developer’s tool that is used to specify temporary host addresses for testing apps before they are released. Have you ever installed an app that you got from a website and not from the app store?

I also have two PDF files saved on the file application, if I try to delete it says they don’t exist but they’ve been there for at least a week. Both called screenshot and then individual time and dates. Can’t open them. One 4 bytes, the other 300and something bytes.

I think the trust certificate number signifies there’s a MDM profile or other certificates installed. So that certificate might be genuine but used to signify the trust is subject to other profiles/certificates

Thank you so much for taking a look. I would only ever use the App Store but I’ve been DNS spoofed on my phone, been sent to urls which looked different once clicked on. I’d reset the DNS to a trusted one, then it would get changed back. It was noticeable the urls would change from known (www.google.com to something that started the same but with a ton of extra text on the end of it).

I’ve tried to collect evidence of what’s happening: https://imgur.com/user/ITAssistanceScreenshots

Your router may have been hacked. If you set the DNS to 8.8.8.8 it should stay at that for your Wi-Fi connection; you have no control over the DNS when using cellular (mobile) data; that is chosen by your carrier. If you use public Wi-Fi you probably cannot select your DNS setting, although you can try.

Hi, I have Nord VPN, let’s you set DNS, even for cellular. It works to correct the DNS at first. Then it reverted back to where it was sending before, but still shows the new DNS settings.

VPN timer shows in the app as continually running. The IPhone settings show the VPN timer experiences breaks, resetting the timer. Also the VPN appears as off and quickly resets (takes about a second) to show it’s been on with a continuous unbroken timer count when I go in the app. (The general settings on the iPhone show the real running time).

Thanks for the interesting advice re: VPNs. Since my main concern is a specific hacker it seems the limited use they are would still give me some protection over not using one in my case.

Is there any way I can prevent a Developer/Enterprise/MDM profile being attached to my iphone? I’m scared how relentless this hacker is and it’s so violating. I desperately need help.

I am very respectful of the fact you are obviously very knowledgeable and thank you for helping me. This is happening to me and the most obvious reason seems to be a MDM profile. Especially with the Xcode named file. I’m being phished. Could a fake link have added the profile to begin with? I’m being DNS spoofed and could have been infected with goodness knows what to set up profiles. I did have two apps that were the same, with one with an extra space in the name but now I can’t find duplicate apps. Sideloading with Xcode seems to be the most reasonable conclusion. Did you take a look at my screenshots? Also, does the device to be supervised have to be physically linked to iTunes or something first? Or is it just getting the data off the phone to set up that device? Because I think they must have to get three phones, all brand new and all remotely hacked (although they most likely phished me and infected me first that way).