iPhone Analytics
Are there any services or 3rd-party apps that can take iPhone analytics report data and translate them into more readable information?
iPhone 12, iOS 15
austin0000 wrote:
Well my phone is presenting symptoms of possible spyware or other security concerns, and I believe the analytics would contain information on that. I’ve already gone through the obvious troubleshooting channels and contacted support to no avail. It doesn’t seem like my problem actually gets looked at. So I’m thinking if I provide a “smoking gun” per se I can get some actual support for an issue I don’t have the knowledge to fix.
So, forensics.
To start off: yes, there are exploits against iPhone. Yes, there is spyware too, and most of that looks at the iPhone backups.
Attacks so far have been targeted. And the malware has increasingly been taking steps to reduce detection.
Exploits are very interesting. But the vast majority of “hacked” or “virus” reports around are not exploits, though.
So, what might those symptoms be? More than a few of these reports are likely software errors, network errors, or hardware errors. Ghost touches from faulty displays and faulty digitizers are a hardware failure that can be very disconcerting, for instance.
And yes, there are forensics tools too, though those are usually proprietary and not openly available.
Looking for unknown telemetry patterns for an unknown and quite possibly absent problem within an ever-increasing stream of data is an ineffective strategy. Put differently, this is looking for a needle in an unknown and increasing number of haystacks, when you’re far from sure what the needle looks like, or even if there’s a needle.
Apple has enough of this telemetry data to get a view of both normal, and of nascent issues, and Apple knows what the data should look like, but the rest of us—those without ubiquitous network access—just don’t.
If you’re concerned about security and have concerns about what is installed, factory-reset the device, reset all passwords to new and unique values, secure your password-reset paths, secure your carrier PIN or passcode, change your device passcode, resolve the security recommendations reported for your device by Apple, encrypt your backups with a robust password, enable two-factor authentication, check location sharing, and update to current iOS. Etc.
If you are a political dissident, investigative journalist, criminal, have access to financial or sensitive or classified data, then you can be a target, and you need better security advice than that from forum postings.
This doesn’t get looked at very often because it’s a whole lot of technical work, it’s expensive and detailed work, and far too often with nothing to be found, and because finding nothing then doesn’t necessarily satisfy the folks reporting the issue. If you want this looked at, expect to pay for the forensics. And expect nothing to be found.
No, not outside of Apple; Apple engineers have AI apps that read analytics files and report anything unusual; 99.9% of the contents of a log file are just routine information saved in case an issue needs to be traced backwards to a root cause. And the results would be meaningless to you anyway, unless you had the restricted iOS data dictionary.
The developer tools in Xcode that you can access when you are a developer.
If you aren't a developer, there is no reason for you to be looking at the log files.
Well my phone is presenting symptoms of possible spyware or other security concerns, and I believe the analytics would contain information on that. I’ve already gone through the obvious troubleshooting channels and contacted support to no avail. It doesn’t seem like my problem actually gets looked at. So I’m thinking if I provide a “smoking gun” per se I can get some actual support for an issue I don’t have the knowledge to fix.
Unless you jailbroke your iPhone it definitely does not have spyware or any other security issues. And even if you did jailbreak it that does not necessarily make it vulnerable. There are no known ways to install spyware or any other malware on an iPhone without physical possession of it while it is unlocked.
Anyway, good spyware would be undetectable; if it wasn’t it wouldn’t be good spyware.
Apple pays a fortune to anyone who reports a demonstrable vulnerability in its software products, which means that professional “white hat” hackers are constantly trying to break it. So far this year they paid $250K for one report of a potential vulnerability that was promptly fixed in an update of iOS 15 to block it. And when iOS 16 is released they are offering $1 Million to anyone who can find a vulnerability in the enhanced security feature Lockdown Mode.
Okay, that’s just not true. Everything I read online contradicts your answer. This kind of stonewalling stencil answer is the reason why zero day exploits wreak so much havoc. Spyware is hard to detect but not impossible. It becomes impossible when support, help, and knowledge is gate-kept from its end users.
That certainly is true. There’s a lot of nonsense on the Internet; for example try Googling “the earth is flat”. If you have any actual evidence, and not just conspiracy theories and ranting feel free to post them for debunking.
There are no zero day exploits that can infect iOS. NONE. No matter what nonsense is posted by people who don’t know what they are talking about.
BTW, No one posting in ASC works for Apple. We are all users like you. And my response is from my 50 years experience in the IT world, including classified projects.
I know how ambiguous and unpractical I sound. And believe me when I say I have done all those steps and then some with no success. Let’s just say, I’m not a low-profile individual. There’s further evidence beyond just my digital evidence, but given the sensitivity of the issue - I try to keep my issues concise. So if not from a forum, where in Apple can I get the support needed? Because I’ve had Apple support literally SharePlay with me and they refused to even look at my app privacy report. After I showed proof and evidence, with screenshots of the report & screenshots of searches of that domain, and they just simply refused to address it. They stonewalled me with a whole lot of nothin. Like the other individual who commented on here.
I don’t know what else to do.
austin0000 wrote:
I know how ambiguous and unpractical I sound.
You will need to work to better differentiate your report.
And believe me when I say I have done all those steps and then some with no success. Let’s just say, I’m not a low-profile individual.
Then you need better security-related advice, and that advice better tailored to your particular situation and needs.
There’s further evidence beyond just my digital evidence, but given the sensitivity of the issue - I try to keep my issues concise. So if not from a forum, where in Apple can I get the support needed? Because I’ve had Apple support literally SharePlay with me and they refused to even look at my app privacy report. After I showed proof and evidence, with screenshots of the report & screenshots of searches of that domain, and they just simply refused to address it. They stonewalled me with a whole lot of nothin. Like the other individual who commented on here.
Absent forensics data gathered showing an issue, or direct device access to acquire forensics, discussions here aren’t going anywhere. Which means you either learn about forensics and reverse engineering, or you hire an entity with those skills, or you follow practices and procedures intended to make compromises more difficult to achieve and then exploit.
I don’t know what else to do.
Update your security, and your technical awareness. That possibly with direct help. Adapt to expecting compromises and to adopting approaches intending to isolate and compartmentalize potential (or actual) breaches.
If you are affiliated with an organization that can or does provide security-related technical assistance, check with them.
As for forensics evidence, the “is presenting symptoms of possible spyware or other security concerns” is unlikely to be sufficient forensics evidence, nor is scanning telemetry without specific search targets likely to be, nor were whatever photos or screenshots presented to Apple apparently viewed as sufficient.
There are open-source tools that can reportedly detect residue from some versions of NSO Pegasus, though how well those tools might work in current times? Attacks do change, and do evolve. If you do decide to use those tools as a starting point, you will also learn rather more about forensics and data collection. And this tooling is but one of various possibilities here.
For digital forensics, or for some other purpose?