MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

I am a personal 'User' I have cycled through many hours and days with support. No one knows what is going on. Most likely because I am never able to speak with someone that understands the Enterprise platform. I feel this is happening via my carrier- but Fraud sent me to Tech support. Tech support told me my phone is hacked and to file a police report.

In combination I suspect that MDM is a gateway for an external developer to access my phone via various methods: webkit, Xcode, Apple Store Connect, SDK

I am about 99.99% sure I know why, but that is something that I will not disclose because most likely all of my activity is monitored; despite the very strict privacy settings I try to maintain.


Symptoms:

  1. My apps will sometimes tell me they did not come from the App Store (Maps, FindMyiPhone, etc..)
  2. When I make an attempt to chat with Apple support I receive a message to Use Messages to Connect with Business. When I have my iPhone in LOCKDOWN mode I receive a message that I cannot use Messages for Business when my device is locked down.
  3. I only have one device. However, I am sharing across devices- many times or I have the option to. The choice is not grayed out.
  4. I am unable to perform an Emergency Reset because I am usually sharing something - Notes, Home, Health, Books....
  5. I do not use iCloud Drive due to multiple security concerns. Almost every time that I double check those settings apps show that they are using iCloud Drive. (Game Center, Health or Fitness, Notes, Books, Apple Support, Wallet) While clicking to turn OFF syncing I have had a battle with it changing right back before my eyes. (I have screen recordings)
  6. Game Center will come on even though I have strict Screen Time settings.
  7. I am generally either sharing, or my phone is gathering data from Health; even though that privacy option is supposed to keep that from happening.
  8. Sometimes I am unable to even sign out of my phone due to 'restrictions'.
  9. I have 'Share with Family' sometimes

*Those are only a few symptoms. That is minus the horror I see from the extraction of information I backed up into Kali Linux

As I have mentioned I have spent many many many hours with Support. One Senior Director did spend time Googling the services that show up in my Analytics. I have even uploaded screen shots and documents, but I never heard back.

I REALLY REALLY need help here.

I will add attachments. They won't be nearly the amount I have. I am begging!!!



iPhone 13, iOS 16

Posted on Apr 2, 2023 2:32 PM

Reply
Question marked as Top-ranking reply

Posted on Apr 3, 2023 6:45 AM

Sadly, there doesn't seem to be any help and the ones that will respond, will tell you you are either crazy or you can't be hacked unless you have your device to someone.


For what it is worth I have been dealing with this and here is what I have learned; you need to delete your old apple id's and confirm that they are deleted. You may not be logged in to any (neither was I) but it has something programmed into the IOKIT boot so you cannot reset the NVRAM properly, leaving find my process to look as if the activation lock is on.


Make appointments for each apple product to have a firmware/software update through DFU mode and make sure it is DFU because a factory restore will not remove the cache that is lingering in the files. This should all be done at the same time otherwise it will talk to the other device and reestablish itself.


The factor reset you are doing doesn't work because it does not empty the trash and it seemingly blocks any terminal command to do so as well.


Before you boot up your computer(s) & phone(s) delete and confirm you have deleted all of your previous apple id's. Write down the code it provided to delete the id because chances are you will have to call to

confirm its deletion.


If you have a google ID, check to see if you are enrolled in any trial based workspace or fire base programs. Workspace allows device control as well.


I have changed our TV's and printers but it still seems to latch on to any printer so now we do not print. Debilitating to say the least.


I believe that there are enough of us out there to confirm that this problem exists but apple will not respond until they have fixed it. I know it sucks. Two factor everything and I wouldn't suggest any external usb or thunderbolt security keys.


I also would not suggest any products other than apple. That will only make your situation worse.. even the keyboards because it will load a generic driver onto your device. Only use apple wires as well. I am definitely not an apple advocate, only sharing what I have come to accept and learn.


You may have to go line by line in settings on your iPhone to turn off everything that you do not use and if there is an arrow on it, click to make sure there is not an opportunity to bypass your defaults. The Mac computer is the same and there are probably about 100 Plists that will try to alter your default settings so do not take anything for granted until you have clicked through it all. Plists are just preference and apple will tell you that it does not mean that they are being used. That is absolutely correct but the Plists I have seen start with NVRAM and a fmm (find my

mac activation) which is huge problem.


for whatever reason it uses nfc and mdm BUT mdm does get removed later on during the process. It keeps respawning. So it isn't necessarily MDM as much as it is trying to be so I presume that there is some detail in the MDM program that helps it get what it needs.


The shared cache you are seeing is at best guess, all of the info it has collected on you and will keep looping together. This is just a guess but I have been watching it on mine as well. I could 100 percent be wrong but I believe the cache is what keeps this process communicating between devices.


There are enough of us out there with this problem. I am sure that we have a common thread but I have no idea what it could be. I just know that no one is going to help me or my family and I am just going to have to do my best to keep my kids safe.


I could bring a new computer into this house and within ten minutes watch it try to harvest my old apple ids, while Bluetooth sniffing and try to connect to something nonstop. Eventually, it gets back in and the new id becomes corrupt, I delete it and start again hoping the last apple update resolved this issue. Two years later and I am headed back to the Apple Store today to pick up a couple of devices.


I wish someone had better news for the both of us but this is the best advice I can give you.

Similar questions

160 replies

Nov 18, 2023 5:28 PM in response to AgentDragonfly

I’ve been dealing with similar since 2019. However I had a group of high tech hackers move in next door.


I’ve called in/went into the provider store too many times to count regarding this “MDM” issue and many of the things you’re dealing with and have been told that yep I can’t be hacked but if you search online with words “hacker placed men on my iPhone”, or “iPhone hacked”, you’ll find legitimate tech sites showing that apple knew about the problem back even as far as 2015.

There is also the issue of some using Microsoft Azure to do some control but if you go onto your Apple ID and search for system status then look for developer status, you’ll see if you’ve been linked to Apple’s business software or schooltime etc. you may get lucky and be able to click and see exactly the developer that is connected to them. That may help.

May 1, 2024 5:30 PM in response to AgentDragonfly

Same here!!! To all of the above. I have been dealing with this since Oct 2022- that I know of!! I’m sure I am targeted as well. Every topic I have raised awareness to was shut down and I was told impossible, even though I can now find proof and articles of things I’ve been saying for years!! We need to get together. My last post got removed so i deleted a lot of it.


I have found several federal laws and cases that will support that not only are our our constitutional rights and privacy laws being violated but also intellectual property protections and trademark. I can go on but let’s see if this posts lol

Jul 24, 2023 10:54 AM in response to AgentDragonfly

I thought I would run out of space, so continued. Show recent “in the news”attacks on IOS and other devices, this will help with local authorities to understand this is a huge issue! Look at Wiggle dot net, this will provide network activity, the source, connectivity (bluetooth, Wi-Fi and so on) and if you create an account, a must, your specific data. You will likely see a spike in network activity. I was most surprised to see the volume of Bluetooth activity, unaware that one BT connection could attach to and take over 8 devices! This started after unplugging my network, with help from the hidden hotspot, and I found several things in my home, Wi-Fi connected smart bulbs, altered door bell, more. The Wi-Fi must be on for detection. And in my car, it must be moving prior to detection.


if you suspect someone, you are likely correct. I’m almost certain the first MDM must be installed locally, with device in hand. After the first install, the rest can be remotely installed. BTW, there are methods to look at more data on the device, I’ve not tried it, but it requires a working device and Intune (I think).


Id also try to ask the person you suspect if they are doing it, and request them to stop before taking it further, if you care about this person. The subpoena will tell you who/where/when, then a lawyer would likely be required. Or you could get a restraining order. I don’t want to cause harm to the suspect, and I’ve already been told the who/where part. In addition my nieces Apple account was on one of the missing iPads! So if someone is within or around your network I guess they can install on other devices within the designated area? I’m really not certain exactly how her Apple ID was compromised? It had my account on it. And worse, some installed malware contains other bad activities, of which I have no way of knowing which malware is doing this or how. WiGLE dot net shows some info on this. They can also completely control your phone, (and email), block phone calls, make phone calls with your number, using accessibility apps, switches, any number can be added and make and receive calls (if you find your phone not working). These calls will show up in history under FaceTime, but when you look, history is quickly deleted. There are other apps that do this as well. Unlike years ago, when spoofing or faking a phone number, this allows 2 way communications! I suspect they could receive authorization codes as well. My screen has shown “a new iPad/phone” has been added to your account, but they don’t show under devices. Once or twice I saw the missing device listed, called Apple, they “untrusted” it, but the individual called support the following day and added it back!

Aug 13, 2023 8:58 AM in response to T3ddy19

Printers tvs phones laptops , routers, Chromebook tablets. You car!!


Anything with wifi or Bluetooth. My ex added me to his business cloud and created fleet device management. I can’t get away from it. I have no money to keep replacing devices only to have them reinfected within day or days.

This tech is being used to abuse other people it needs to be fixed so it can’t. It’s being used maliciously as much as it is for legit business purposes. :(


apple help us in Canada. We have no cyber laws!

Sep 27, 2023 5:19 PM in response to Community User

Add me to the list. My suspect has two businesses and I suspect I’ve been made an employee; workspace accounts I don’t have. Google chat I don’t use. iMessage for business. Contact your administrator. Devices restricted to only using data turn in Bluetooth or tethering by themselves. Some have even switched to wifi on their own. Desktops iPhone laptop Chromebook kindle tablet printer. Even my headphones want to connect to a Bluetooth headphone device that nobody here owns. Sometimes it’s it unconnected by tablet and the prompt to pair with unknown device appears.

3 years, 14 phones, 3 laptops 3 routers, two printers, and a smart TV.

we are not crazy. We need help from authorities. Apple needs to be help accountable; when I request a super call they are blocked from calling me and still there’s no problem?!

I’m from Canada. No cyber laws. Police called me delusional. Avoided my reports. Refused to investigate. I page to hire a PI at the time of about 5g if ever want this to end. I’ve been told by a woman’s abuseOrganization is the only way to get a personal stalker because of the above statement; no knowledge or laws for cyber security and victims of these crimes. It’s someone we know. Especially if no random and just torment.

Jul 24, 2023 12:35 PM in response to AgentDragonfly

Ok, part 4, if I’m allowed 4 posts.


This is about 1%. Do a wildcard search on you Linux box using MDM, both in files and in root. I know nothing about Linux, but on windows the search would be *MDM*.* then the same for system or root files, but use the % in place of the * then note the location. Other files will likely be listed under the same location. Many may be cab (or cabinet files), most are encrypted.


ok, I’ll try to summarize again:

collect data from all sources. Create a one page summary by category, email, rogue emails (my Facebook account was removed after my address was used to send links to my no longer available contacts, a virus?). Also, look for emails that you did not send, and settings changes on device vs on public. System changes, harder to document, you could use a video. Deleted or offloaded data (check for added cloud services other than iCloud). Look at FaceTime history, I deleted FaceTime and it came back. Rogue hotspots, scan house for Wi-Fi, NFC, Bluetooth, RF and such. Avoid paying large sums to “pros” for scanning. Look at internal images of smart bulbs online. Look at YouTube to see how Wi-Fi can be added to almost anything! Document and provide images for the things you listed above, reference page numbers in summary. Include recent attacks, they are difficult to find, but they are out there. The Attorney General in NYC got a lot of press on his find with Apple Phones. There was another article on YouTube also WSJ and iPhone attacks, but I don’t recall the details. I think if you can provide proof and get authorities interested in what it could do for them it might help, plus, it’s all (mostly) new, except Pegasus which they keep announcing as new but it’s been around since 2015. They will also ask why you think you are a target, implying you are a nobody, why would anyone be interested in your information. There are articles on why ppl are cyberstalkers, look this up to provide an answer. My work history has including a couple of high target risks (such as banking Information Security) which has made me a target in the past, or it could be an X BF or GF. Provide info on why.


I think everything has to go. Unless you are able to get it removed by installer and you trust that it’s really gone. I hate to say that! And I don’t know what “everything” includes! In my case, alarm system, Rokus, PCs, IOS, Samsung TV (research vulnerable TVs). Firewall (id replaced my router/firewall about 6 times hoping to block it before I knew what it was. Avoid using credit cards online, buy gift certificates specifically for Amazon, or other accounts. Watch closely charges on credit cards. Get a list of hidden apps asap, they don’t keep that info for long. It’s also good to keep dates of things happening, but that’s so much!


Some apps seemed to have opened a back door to other attacks, but that’s difficult to determine. If you find a smart bulb or other such device, you might want to call authorities to remove it, if they are willing. Some newer devices will unscrew, but one had a big visible green circuit board and emitted a loud Wi-Fi signal.


Check out devices on you router/Firewall, try to identify unknown devices (if you can access the firewall. Note they may change the name of your Linux box to something else, so get MAC addresses if possible. And, look for NFC, they look like little circles if paper! Lookup online, scanners will pick them up.


I’ve tried everything I can, contacted venders, replaced equipment, bought software, scanned, recorded on cameras. But I’ve not yet completed a report to IC3 dot gov, or finished report to local authorities. 1st, it’s all been very difficult and excessive, second, not wanting to cause harm. But it gets worse, not better at least so far. Also, like others, when I try to get help from various sources, something worse happens again! I wish we could speak in person. Good luck, let me know if you are able to remove this mess. PS, the DOJ and FBI are all over this MDM because it over rides all security and it’s very dangerous. That’s why you must report to IC3!

May 27, 2024 4:50 AM in response to T3ddy19

I, too, have been dealing with this since 2022- that I know of!! SAME THING as everyone else. One thing I haven’t seen mentioned yet (haven’t been through all posts yet) was Virtual Ethernet Connection. Also when I did a whatsmyip search, I was told I was Enterprise Hosting. Someone tried to tell me it’s bc Apple is the enterprise 🙄. Also, a lot of it doesn’t necessarily go to MDM, I’ve found more to point me towards a Educational/School Managed Device, def some with Microsoft excel, edge, I could go on for days when it comes to PC. I’m sure there are many more but here’s a few I hadn’t seen mentioned.


Oh! There’s something with SOS mode. I’ve been locked out devices and they were stuck on SOS mode- when they still at cellular service.


It’s awful. I could write a book with all of the negative consequences to this but the biggest for me going through something so devastating and not having the support of loved ones. Bc if they don’t understand it, it can’t be real. Especially bc they consider themselves to be so much better. Their ego gets in the way. Makes you feel very isolated and alone Wish this would allow me to post my personal info bc I would love to talk to you all outside of the community. Compare notes and offer support.

Aug 9, 2023 3:25 PM in response to Inrecoverymode

The MDM (or mine anyway) installs a MANAGED Wi-Fi hotspot. That will over ride your hotspot. I was glad to see these postings, as I’d never seen anything like this before. I had an MDM installed on my windows PC on another hospital visit. Found vender name, called them, they removed it right away. But it was not as destructive as this one. How horrible someone is doing this to you after you lost your husband! But he could not fix it either. It would have to be removed by installer (likely someone you know) or Apple. And Apple won’t support this Apple developed app! Reformatting, buying new devices, useless. It gets on everything, Windows, Android, Google, router and more. What it can’t do, it downloads another hidden app to do. I’m trying to collect everything to remove from my home, but I can’t tell what “everything” includes. I also read it can be set to prevent scanning apps for Bluetooth, Wi-Fi and such. You have to buy another device for that (with no Wi-Fi). The State Department of Justice and FBI is interested, send info to IC3 (dot gov).


The first install has to be hands on, after that, all can be done remotely. So, if someone knows your PIN, it only takes minutes. It’s likely someone you trusted very much. And, many of the key-loggers that are often used (found one on mine) often contain more malware.

Apr 30, 2023 7:01 AM in response to Community User

You are quite correct, fortunately no one has accused me of being crazy as I’m a psychologist.


I guess what we have to remember is these discussion forums are answered by fellow Apple users and not Apple staff. So we may not find much support.


Whatever this is extremely insidious, my sharing is all disabled on my iPhone yet it is constantly searching for powered and unpowered devices nearby. I can see the data usage does not add up to the user activity. I feel sick to think how long it was on there without knowing and what it has captured of my children as it’s a part of their daily lives too.


It is something akin to the Mac Dirty Cow, although what is done after it is exploited I suppose may vary, there are actions being performed on my devices that I cannot find references to anywhere.

May 25, 2023 7:39 AM in response to AgentDragonfly

Wow! This sounds so much like mine! Either can’t turn off games, or if I turn off, they come right back. There were 87 JavaScripts under shortcuts. There is also “clips” under privacy and security, microphone. Sound became very quiet, have to use speaker, that was the first symptom. Lots of redirect scripts with email to a fake or created site. Email is often deleted, some from 2 more fraudulent sites downloaded and hidden (like the MDM app), 2 banking apps, screen recorder, more! I had 87 scripts under shortcuts! I’d never even looked before. It also turns on family sharing, that permits it to download on one device and then spread to others, including Windows/Android and Roku, Smart TVs. My data is also moved to the iCloud, then transferred from there to another cloud service. If you have a windows device, search on *mdm*.*, make sure “hidden” is checked under view. My iCloud sign on page is also redirected. There is an Apple page where you can see hidden purchases, but it only goes a few months back!


When I deleted 2 accounts and created another, it was gone for about 7 hours, no grayed out options, “clips” or games. But then it visibly showed under purchases and was installed. It gets much worse, identify theft, credit card fraud beyond App purchases (the one on Apple. Alarm system hacking and entering my home. Deleting password reset messages, using my phone number to call Apple, using an Apple feature. It will not go away with a reformat. For the first install, physical access is required (I think). I was in the hospital for about a month when this started, but it could have been sooner. Based on what I’ve read, you should reformat it (unshare) or delete problem apps, several things have to be turned off. Delete your account! You have to set up a new account that does not have your name and address on it! It goes by name and serial number. I’ve not found any solution at all other than what I mentioned. Keep in mind, smart devices, IoT may also be compromised, smart light bulbs (I found one in my house using a detector) and what appears to be NFCs. It also picks up a lot of DECT, smart fridge, Wi-Fi cameras, alarm

system (if Wi-Fi), some TVs, I guess my printer is infected as well.


a lot of things get transferred in the background, like the router IP, although the MDM has options to scan for new devices, phones, PCs and much more. This started Dec 2021 or earlier. I was a former Global IT Security Manager, but I’ve found no way to remove this! It also modifies the router and has a beacon, it appears to allow more hackers? And there is more dangerous activity going on that you can’t see.


they also downloaded Xcode, then hid, and of course JavaScript can be used under shortcuts, they use commands that I’m not able to use? Everything is compromised. I’d like to speak with you to compare notes, although phone, text and even this chat is transcribed. Most security emails are blocked (all read). Text usually makes it but not always. I have about 7 IOS devices, will have to get rid of all of them. Android and Windows get quickly

compromised, MDM and parental controls. Attacker has used Unix and MAC. BTW, the DOJ has the MDM under investigation, it said antitrust as they also used it for parental controls, and said it’s a safety concern! This account will likely be gone soon. Oh, when I bought new devices but didn’t set them up, they were compromised around the time they came in the house! I’ve even unplugged the router, but activity continues.


I never thought I’d end up with a fraudulent malicious app(s) that they won’t remove! I actually got an MDM app before, around 2015 (in the hospital again). It had the venders name on it, I called them and they removed it while I was on the phone! Now, 1.5 years, disabled, trying everything, but no help. As a security manager what a horror it would be in an 8,000 user environment, but they likely get help.

Aug 5, 2023 9:02 PM in response to AgentDragonfly

So what is it? I mean is it a person behind it all. I am not that computer literate but I knew something was definitely wrong a few months back. I just recently got back into my Apple ID now I'm locked out of Gmail, Yahoo and Outlook. It has gotten my iPhone SE, 2 iPads and a laptop. I noticed just yesterday I was supposed to get a call back from Apple support and the number was actually blocked in my phone. Now I have to wonder if I spoke to a real Apple representative to start with when they called before or not. I need to get back into my accounts soon... I don't know what to do next...I am totally at a loss. It was my late husband who knew computers not me. I have issues to Personal Hotspot..,actually everything I have heard on here tonight I have same or similar issue.

Oct 12, 2023 4:38 PM in response to T3ddy19

i have been at this going on three years, boxes of paper and 3 harddrives off laptops that have all this. they are safely stored. the current desktop has it too with a twist... i have no microsoft account but the computer is running an insider copy of windows and so is my hp laptop. i did not do this and cant get rid of it without the email and password i dont know!!!

i also have xbox live, gamebar credentials that get loaded back every day! i have keystroke recorder and today guess what? ... i can type online but the keyboard stops working if i try to search the computer!!!!

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

MDM on personal iPhone - Businesses, unauthorized developer activity HELP!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.