I read a post stating shortcut downloading shortcut can be malicious. How to scan before downloading? I had Microsoft Defender but one shortcut downloaded under iOS 17.5 when run outputs a question to continue with stranger email address. This is not shown in editor. Is this shortcut risky? How can this be possible?
iPad mini 6, iPadOS 18
Any third-party shortcut can be a risk - not from the download itself, but from what actions the Shortcut actually performs. As with any download to iOS/iPadOS, your device cannot "scan" the download for threats.
Shortcuts that you download from Apple's shortcut Gallery might be considered "safe". For other shortcuts, downloaded from elsewhere, the onus is on you to manually check (and understand) the scripted steps that the shortcut performs prior to running it.
To be clear, there are no vulnerability scanner Apps for iOS/iPadOS. The sandboxed security architecture of these platforms intentionally prevents an App from accessing anything outside of its own "sandbox" - within which the App and its associated App-data are stored.
Some so called "security Apps" (such as Norton, McAfee and others) install a local network proxy, through which your network traffic is routed through an external service where your traffic may be examined. A security App has no way to identify potentially unsafe actions that are scripted using Shortcuts.
Microsoft uses an entirely different (and substantially less secure) system architecture that is not based on sandboxing. iOS/iPadOS cannot implement "trust" in the same manner as [less secure] Microsoft Windows.
Thanks. I wish for some screen service either
I still need help to understand the risk of following shortcut of which steps I cannot see how pop up asked for confirmation to use someone else’s iCloud address. Should I be concerned?
I am too used to Microsoft thinking like
In the case of iOS shortcut actions what malicious damage can be possible? What risk is running shortcut not from gallery?
Is Downloaded shortcut risky?
