MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User'. I have cycled through many hours and days with support. No one knows what is going on. Most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier - but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, FindMyiPhone, etc.)
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices- many times or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings apps show that they are using iCloud Drive. (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet) While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux

As I have mentioned I have spent many many many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screen shots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM


107 replies

Aug 12, 2023 5:41 PM in response to -Hey-You13-

The MDM can do many things per Apple documentation, it can hide apps and features, install other (hidden) programs, and much more. It’s all outlined under Apple MDM documentation. It can revert your devices instantly. It’s the only app I’ve ever seen that comes with a “hide” button. I’m beginning to wonder if it’s a rogue MDM? I’ve been in Security for decades, never seen anything that can compromise any device in minutes? Plus, I don’t know “where” it is stored. At one point, I thought I got rid of everything but apparently I did not. I’ve heard a printer mentioned, I didn’t get rid of that however. I’ve seen ssh being used initially when network was still plugged in, but now I have a rogue “Wi-Fi hotspot” that is managed. Very frustrating.

Aug 13, 2023 8:58 AM in response to T3ddy19

Printers, TVs, phones, laptops, routers, Chromebook tablets. Your car!!


Anything with wifi or Bluetooth. My ex added me to his business cloud and created fleet device management. I can’t get away from it. I have no money to keep replacing devices only to have them reinfected within day or days.

This tech is being used to abuse other people it needs to be fixed so it can’t. It’s being used maliciously as much as it is for legit business purposes. :(


Apple, help us in Canada. We have no cyber laws!

Aug 29, 2023 7:55 AM in response to AgentDragonfly

Some of your particular symptoms here are different to mine but let me just say this.


I have had MDMs deployed by Apple over all the devices I’ve purchased over the last 3 years that I know of.


Apple will NOT admit to you if this is the case. I even called JAMF, who provide MDM services for Apple. The guy said to me that maybe Apple “accidentally” took a device from the pile which have MDM deployed on them. I laugh because it’s every single device I buy and it’s inescapable.


As much as I love their products and fantastic service, as a company, they can’t be trusted. Their devices are backdoored to provide access to the major US spy agencies and they have to. Apple execs would be prohibited from ever revealing this to the public or face criminal charges.


Perhaps you’re a person of interest more so than others, I’m not too sure, but your MDM here is very obvious. Hopefully you can attempt to have it “removed” or at least the hard core restrictions.


I hate to break it to you but this is the way things are now due to Mass Surveillance. I don’t like it either but we simply don’t have a choice.

Sep 27, 2023 5:19 PM in response to Community User

Add me to the list. My suspect has two businesses and I suspect I’ve been made an employee; workspace accounts I don’t have. Google Chat I don’t use. iMessage for business. Contact your administrator. Devices restricted to only using data turn on Bluetooth or tethering by themselves. Some have even switched to Wi-Fi on their own. Desktops, iPhone, laptop, Chromebook, Kindle, tablet, printer. Even my headphones want to connect to a Bluetooth headphone device that nobody here owns. Sometimes it’s it unconnected by tablet and the prompt to pair with unknown device appears.

3 years, 14 phones, 3 laptops 3 routers, two printers, and a smart TV.

We are not crazy. We need help from authorities. Apple needs to be held accountable; when I request a super call they are blocked from calling me and still there’s no problem?!

I’m from Canada. No cyber laws. Police called me delusional. Avoided my reports. Refused to investigate. I page to hire a PI at the time of about 5g if ever want this to end. I’ve been told by a woman’s abuse organization is the only way to get a personal stalker because of the above statement; no knowledge or laws for cyber security and victims of these crimes. It’s someone we know. Especially if no random and just torment.

Oct 12, 2023 3:32 PM in response to AgentDragonfly

I am a personal user as well and I have tried everything! Apple Store is a waste of time; all they did was reset and it was already on there when I booted it.

Question... under root trust certificates, do you have a greyed out single certificate that you did not approve?

They say it’s not possible but I never had the option when I got this phone.

It’s a DigiCert root CA and it’s on all my devices!

Oct 12, 2023 3:56 PM in response to T3ddy19

I have been researching and digging for almost 3 years on my own. No one believed me and after proving it they just did not want to hear about it. I know this is an Apple site but this is my 7th phone but first iPhone; the other 6 were Android. The common factor is root installed and radio access tech or RAT which is also remote access and that is used too. Next is API, RESTful API to be more precise, which can come from multiple areas. I have matched API, root access, MDM, IoT, Bluetooth, to every device. Microsoft Azure, Visual Studio, googleapis, enterprise, Yahoo, Facebook, and many more. Facebook is the most seen on phone but my desktop is all Microsoft. I have used Windstream and Spectrum and both routers were taken over as well.

Get a network analyzer app and you will literally feel your mouth fall open at what you find. I’m on a loopback completely separate from every other device. I have DNS that make no sense.

We need to get together and fight this!

Oct 12, 2023 4:38 PM in response to T3ddy19

I have been at this going on three years, boxes of paper and 3 hard drives off laptops that have all this. They are safely stored. The current desktop has it too with a twist... I have no Microsoft account but the computer is running an Insider copy of Windows and so is my HP laptop. I did not do this and can’t get rid of it without the email and password I don’t know!!!

I also have Xbox Live, Game Bar credentials that get loaded back every day! I have keystroke recorder and today guess what? ... I can type online but the keyboard stops working if I try to search the computer!!!!

Oct 13, 2023 7:03 PM in response to shoeluvr13

Unfortunately there is a huge potential for unitized root certificates, especially if victim of said crimes and occurrences. Unfortunately both Apple and authorities have left many desperate, know they are being stalked by someone they know, have no choice but to self learn to try and protect something. To attempt something to stop it.

Kinda harsh and I’m sure your initial response would be different if it happened to you.


Sincerely,

3 yrs personal cyber stalking attacks and impersonation from stolen account credentials.

Oct 18, 2023 12:12 AM in response to Shewolf1989

Hi folks,


I've spent this whole year to date researching this campaign since I first started noticing non-typical activity on my iPhone, MacBook Pro and Mac mini. I've been using Apple products since the 80's and am fortunate to have never had any issues until now.


First I must preface the rest of this post by saying that some of the behaviours you see are BigTech harvesting user data. This has always been the case and is written into user-agreements you accept upon activation. Add on top of that any app you install will also have its hand in documenting the activities you engage in on your computer, device or 'smart' connected tech as is written in their terms (linked on the page) you accept upon downloading and installing.


You only need to glance over the privacy notice within the apps information on the AppStore to see the scope of what some apps collect. TikTok remains the top of the list closely followed by the big social media brands etc. There are also many apps still on the AppStore who have not updated since Apple introduced mandatory display of the data the app intends to collect, so exactly what they are taking from you remains unknown to its users.


However, while BigTech data extraction is a typical event on tech, data is a trillion dollar business and has undoubtedly attracted the attention of bad actors who want a slice of the pie which is why there is a high prevalence of data mining exploits.


I'll reiterate a previous post that agrees, you are not imagining things. Whoever is behind the non-typical activity we are experiencing - likely has MDM-like control over your phone/computer.


You're seeing developer activity because developer mode is what the MDM-like behaviours are implemented through. This is occurring even though you all report there are no MDM certificates installed, the developer mode option isn't activated in settings, you are not enrolled in the beta or developer program and finally, you don't have TestFlight installed.


To date, Kaspersky are the only voice in the threat-hunting world who recently openly declared they no longer believe that Pegasus-style attacks are limited to only a small handful of people. They assert this because they invited comment from the general public regarding the 'Triangulation' attack and were flooded with emails with evidence of similar attacks on civilian devices.


Although much of the detailed information on these attacks is not public, what I have personally observed regarding the permissions attributed to various daemons and processes on iOS and macOS is attributed to the events many of you are seeing too. These are closely aligned to 'Triclops' (the only Pegasus-style surveillance documentation in the public arena) which appears to revolve around developer privileges. While I am not making any claims that what we are experiencing is linked to the groups carrying out attacks on high profile targets, I am asserting that there is a group behind this long-running campaign who have leveraged developer privileges for the purpose of data extraction. The vast amount of evidence strongly suggests the three goals are scams, advertising interference and intelligence gathering.


I'll leave it here as I wish to respect the Community Use Agreement, but take heart, the number of people noticing non-typical things on their tech is growing. I look forward to maybe one day escaping their clutches and reclaiming my tech, my accounts and just maybe, a little bit of the fun and awe tech used to provide.
