You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

TikTok and ByteDance Ltd. apps are no longer available in the United States, and visitors to the United States might have limited access to features. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Was spyware added to my iPhone?

Hi! A few months back, I had a sketchy coworker who gave me QR code to an app. After I downloaded the app my phone started acting strange. Turning on and off by itself. Taking photos on its own. Draining of battery fast and overheating. It was very suspect and yes this coworker would do something like that. I deleted the app on my phone but not cloud. Because I want to know if I actually was hacked. Can Apple tell if spyware was installed? I need someone to help me see if I this person violated me.


[Re-Titled by Moderator]

Posted on Sep 6, 2024 12:23 PM

Reply
Question marked as Top-ranking reply

Posted on Sep 6, 2024 1:07 PM

Unless your iPhone was jailbroken, in which case many if not most of the protections against hacking were removed, it's highly unlikely that your phone was hacked. It's even less likely to have been if the app came from Apple's App Store. More likely either the app was very badly coded and just was causing problems, or the issues you experienced were coincidental.


Either way, I'd recommend that since you may have gotten a dodgy app, particularly if the app came from some website, not from the App Store, or in any case were having problems, that you erase the iPhone and start it fresh.


How to factory reset your iPhone, iPad, or iPod touch - Apple Support


That would remove any dodgy apps and associated data. Then absolutely make sure that any apps you install in the future come _only_ from Apple's App Store (and I say the same for those in Europe, unless you have thoroughly vetted the alternate app store you wish to use).


Regards.

7 replies
Sort By: 
Question marked as Top-ranking reply

Sep 6, 2024 1:07 PM in response to Ontoros

Unless your iPhone was jailbroken, in which case many if not most of the protections against hacking were removed, it's highly unlikely that your phone was hacked. It's even less likely to have been if the app came from Apple's App Store. More likely either the app was very badly coded and just was causing problems, or the issues you experienced were coincidental.


Either way, I'd recommend that since you may have gotten a dodgy app, particularly if the app came from some website, not from the App Store, or in any case were having problems, that you erase the iPhone and start it fresh.


How to factory reset your iPhone, iPad, or iPod touch - Apple Support


That would remove any dodgy apps and associated data. Then absolutely make sure that any apps you install in the future come _only_ from Apple's App Store (and I say the same for those in Europe, unless you have thoroughly vetted the alternate app store you wish to use).


Regards.

Reply

Sep 6, 2024 1:33 PM in response to Ontoros

So this has been going on for several months?


Was that QR code to an app in the Apple App Store, or somewhere else?


Which iPhone? Which iOS?


Why were you following QR codes or app installs from coworker, and particularly one you believe to be sketchy?


As for the core of your question, unfortunately, you’re about the millionth person to want free forensics. Which means you’ll need to better qualify yourself, before the few forensics providers might offer that.


Are you a political dissident or activist, senior in private or government, with access to sensitive or classified data, with access to great wealth, associated with a military involved in active combat, investigative journalist, or other such target?


What other steps or remediations have already been performed? Given this report, and given your concerns, I’d have already expected a factory reset (and not a restore) to have been performed, and re-securing the Apple ID with Safety Check, a new password and new and longer passcode, two-factor authentication, probably lockdown mode, and related steps.


Pragmatically, probably nothing happened. But malware does exist for iPhone, for those that are sufficiently valuable to well-funded adversaries. (And nobody around here is going to be running remote checks or free forensics.)

Reply

Sep 7, 2024 3:37 PM in response to Ontoros

Ontoros wrote:

Thank you for your response but you forgot to add “stalking victims and domestic survivors” to your list of targets. They exist.


Different risks for those unfortunately left to endure stalking or domestic violence, too.


Abusers can or will simply demand the features be enabled or the apps installed. No need to spend millions to intimidate or coerce for most of those unfortunate cases.


Stalkers can use widely available tools for tracking vehicles or such, as well.


But as for my previous reply, it’s fairly rare for those folks stalked or subjected to domestic abuse to be targeted by the referenced espionage or mercenary tooling, as the tools involved are exceedingly expensive. There are cheaper and much more blunt options available.


And if you’re in a relationship with somebody with that power and with access to those tools, you’ll usually know it.

Reply

Sep 7, 2024 3:37 PM in response to Ontoros

Ontoros wrote:

Thank you for your response but you forgot to add “stalking victims and domestic survivors” to your list of targets. They exist.

Yes, they do. But unless your 'stalker' or abuser is filthy-stinking-rich, your phone can not be 'hacked' if it's not jailbroken.


Reply

Sep 28, 2024 11:44 AM in response to Sspinale

Sspinale wrote:

It’s not jailbroken, it’s in kernel mode. Which Rand he doesn’t need physical access t the device. Kernel mode forces the hardware to behave in ways the third party desires without any of your settings being of consequence to the third party. Check your saved Wi-Fi networks. If you have unknown networks locked into your phone this is what he did to your phone. And it doesn’t end there. You can remove these networks temporarily but they are now associated with your SIM card and will pop in every time you put the sim into the phone. Set the to rotations and private. And restart the phone. To remove the completely (but you won’t have a connection) turn off cellular, turn on airplane, remove sim card and force restart the phone (power and volume down) but as soon as you use the sim again you’ll have to change the privacy settings of the locked in Wi-Fi networks again.


Wi-Fi networks used by carriers are normal and expected.


These Wi-Fi networks are a means used to offload cellular communications onto Wi-Fi where available.


While carrier Wi-Fi networks are associated with the SIM or eSIM (as they are carrier networks), the list of carrier-related Wi-Fi networks is maintained and updated as part of carrier network provisioning. It’s not stored on the SIM.


Don’t want carrier Wi-Fi networks listed? Find and switch to a carrier that does not use Wi-Fi to offload cellular communications. Unfortunately for that quest, I’d expect the numbers of carriers using Wi-Fi to offload to only increase.


Reply

Sep 28, 2024 11:27 AM in response to Ontoros

It’s not jailbroken, it’s in kernel mode. Which Rand he doesn’t need physical access t the device. Kernel mode forces the hardware to behave in ways the third party desires without any of your settings being of consequence to the third party. Check your saved Wi-Fi networks. If you have unknown networks locked into your phone this is what he did to your phone. And it doesn’t end there. You can remove these networks temporarily but they are now associated with your SIM card and will pop in every time you put the sim into the phone. Set the to rotations and private. And restart the phone. To remove the completely (but you won’t have a connection) turn off cellular, turn on airplane, remove sim card and force restart the phone (power and volume down) but as soon as you use the sim again you’ll have to change the privacy settings of the locked in Wi-Fi networks again.

Reply

Was spyware added to my iPhone?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.