Are files scanned for malware during uploads?

malware scans at copy/upload operation?

iPad Air, iPadOS 26

Posted on Jan 25, 2026 1:43 PM

Question marked as Top-ranking reply

Posted on Jan 26, 2026 11:43 AM

NventiveGuy wrote:
I wonder if that code was in a machine-language that an Intel chip
in an iOS device could execute.

The CPU on an iOS device is not an Intel chip. Code built for an Intel chip will not run, and code built for the Apple Silicon chip on the iOS device must be signed to execute.

You say that iOS doesn’t allow such code-execution?

Correct, executable code must be signed by Apple.

I also was told that files like .doc and .docs may also contain code.

The code you are referring to on .doc and .docx files are Virtual Basic scripts and they don't run on iOS. Even a Word document with a legitimate script is not compatible with iOS and will not work if opened in Word for iOS. Some may consider that a disadvantage in iOS since a Word document containing scripts created on a Windows platform will not display correctly on iOS, but that is the way it is. Apple took the same criticism when they launched the iPhone and it would not run Flash documents on the device and that continues to this day.

I assume that most malicious written for other op-systems can NOT run on iOS.

Correct. Not even legitimate code written for another OS can run.

Also I encountered TIFF files that had malware (in Windows)

Probably true. Other platforms can use third party libraries that may be exploited when used to open the picture file that results in a Buffer Overflow error to break out and execute code. It is actually those libraries that are targeted due to a flaw that allows the code to be executed. With iOS, there is a single Framework created by Apple that is responsible for opening Image files (TIFF, JPG, PNG, etc) called Image I/O.

I come from a Windows background where I used to scan files for Malware by doing a right-click on a filename and requesting a scan. Is there nothing in iOS/iPad OS that can do this?

There is not and for good reason. The whole malware scan process is based on identifiable code signatures to detect Malware and that flawed approach means you are always playing a cat-mouse game to update those signatures to prevent Malware. You will never be able to prevent the next Malware exploit using this approach. The solution is to never allow Malware to execute in the first place. You could certainly place a file with a known Windows Malware/Virus in the Files app, but there is nothing that will allow it to execute or interfere with any operations. Just like you could place an .exe file from Windows in the Files app on iOS, and there is nothing that would allow that to execute either.


The paradigm is a completely different approach. If you are looking for a way to prevent flat tires from nails in the road, you don't need to "scan" the road for nails, you create a solid rubber tire where the nails have no effect on your car. Others may certainly miss a nail that will result in a flat, but it has no effect on you. You may even wonder why are they having to "scan" the road for nails?

Is there an Apple doc that describes this in detail?

There are many documents that describe the Security protections used by iOS/iPad OS.

Apple Platform Security - Apple Support


Some key takeaways specific for iOS/iPad OS.

  • The OS is on a Sealed, Read Only partition of the drive where no modifications are possible.
  • Apple signs the OS to further protect modifications and uses Secure Boot so it is not possible to even boot from a different partition of the drive.
  • Executable code has to be signed by Apple.
  • No Remote Login Services are even included. Instead of trying to determine if a remote access client is legitimate, you don't allow them at all. From the above link: "Unnecessary tools, such as remote login services, aren’t included in the system software, and APIs don’t allow apps to escalate their own privileges to modify other apps or iOS, iPadOS, and visionOS."
  • Breakout code using memory locations cannot even execute as also seen in the above link: "Further protection is provided by iOS and iPadOS using ARM’s Execute Never (XN) feature, which marks memory pages as nonexecutable."
  • Memory locations are randomized using ASLR (Address Space Layout Randomization) where in other platforms you would know where in memory a framework/application will load and be able to modify the memory instead of modifying the actual file. That is not possible on iOS where you not only don't know where it is loaded, you cannot specify a memory location to store any code.
  • The advantage of iOS is that Apple owns the Hardware, Software, and Services creating the closed system often referred to as a Walled Garden. While usually this Walled Garden is viewed negatively by others because users are not free to do what they want and there are some compatibility issues, such as the inability to run those Scripts and Flash programs described previously, it is what makes it possible to put those Security protections in place.

Jan 25, 2026 3:48 PM in response to NventiveGuy

There are no true Antivirus Products available for iOS/iPadOS. Those that claim to provide AV protection are little more than “snake oil” - and should generally be avoided. Due to architectural sandboxing, so-called AV for iPadOS cannot escape its own sandbox - and is therefore unable to scan the iPad's filesystem for malware code. Security products for iOS/iPadOS typically rely upon an external network proxy (often implemented via a VPN connection).


Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable. While your iPad is unlikely to be directly infected by malware, it is still possible to easily download an “infected” file to the iPad - which if transferred elsewhere has the capacity to infect other computer systems with malware.





Jan 30, 2026 6:34 AM in response to NventiveGuy

NventiveGuy wrote:
When I made my 2nd & 3rd posts here on Jan 26, I wasn’t shown
some great replies made the day before. I did see 2 replies, from Nial,
but not from others. Did I just need to refresh my browser tab?

If you had left the tab open, then yes you would need to refresh the page, it will not update automatically. It may also be the case that your Sort Order was set to Rank where the posts are displayed out of order in an attempt to show the most relevant replies on top. I would suggest to check the Sort Order of this thread that shows under your original post just below the Top Ranking Reply. Under Sort By, I use Newest, so the most recent post appears on top of the page in reverse chronological order.

1- I need to run a malware-scanner/remover on the source file system?
I would think I’d need to do that before uploading into iOS.

Correct. Not because the iOS device will be affected by the malware, but because you may choose to transfer that file containing malware to another platform that is susceptible to malware. If the iOS device is the endpoint of the file, there is no need.

2– Does iOS or its apps strip out unsigned/disallowed code from these files?

No. A file containing Malware can be transferred to the Files app and you can then move it to another platform where the Malware will remain. It just will have no effect on iOS.

Also because I don't buy new devices, the ones I buy may have been jailbroken. Is there a way to determine that?

A Factory Reset will reset the device if it had been jailbroken. I prefer doing that when plugged into a computer so the OS is also wiped and replaced. There are other concerns when buying a used device that a Factory Reset will not resolve:

  • A Managed Device set up for a Work or School environment can only be removed by the company that set up the management on the device.
  • A device that is Locked to the Owner because it had not been properly reset (or maybe stolen) will be unusable to you and only the original owner can remove the lock.
  • A device can have a Carrier Lock tied to a specific cell provider and only that cell provider can remove the lock. Most would not do that if you are not their customer and Apple cannot remove a Carrier Lock on a phone either.

I do use Flash Drives that were not formatted first with iOS. I assume they're FAT 32. I have 1000s of ties on such drives. Should I use an AV app on the source file system to scan them? (before using in iOS)

I see no need to do that from a security standpoint. If you choose to reuse those drives, they should be reformatted instead of just removing all the files. That is simply because they get easily corrupted, not due to a virus, but usually because they were not properly ejected from the file system before removal. They can be used as an additional backup method, but should not be the only backup method due to their volatility.
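
An added example, not part of any reply in this thread: a content-based triage that flags files able to carry code on other platforms (Windows executables regardless of extension, legacy Office containers, Office files with a VBA macro part) so they can be scanned on a desktop before being forwarded. It is not a malware scanner, and the file names and sample bytes are constructed.

```python
import io
import struct
import tempfile
import zipfile
from pathlib import Path

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container

def is_pe(data: bytes) -> bool:
    """Windows executable: 'MZ' header whose e_lfanew field points at 'PE' + two NULs."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def ooxml_has_vba(data: bytes) -> bool:
    """.docx/.docm/.xlsm files are ZIP archives; macros live in a vbaProject.bin part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def classify(data: bytes) -> str:
    """Classify by content, never by file name or extension."""
    if is_pe(data):
        return "windows-executable"
    if data[:4] == b"\x7fELF":
        return "elf-executable"
    if data[:8] == OLE2_MAGIC:
        return "ole2-office-container"   # may hold macros; needs a real scanner to tell
    if data[:4] == b"PK\x03\x04":
        return "ooxml-with-vba-macros" if ooxml_has_vba(data) else "zip-without-vba"
    return "no-flag"

def triage_dir(root: Path) -> dict:
    """Map relative path -> classification for every flagged file under root."""
    flagged = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            kind = classify(p.read_bytes())
            if kind not in ("no-flag", "zip-without-vba"):
                flagged[p.relative_to(root).as_posix()] = kind
    return flagged

def build_samples() -> dict:
    """Constructed, inert sample files (headers only, no working code)."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    def make_zip(names):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for n in names:
                zf.writestr(n, b"constructed placeholder")
        return buf.getvalue()
    return {
        "holiday.tiff": pe_stub,  # executable hiding behind an image extension
        "report.docm": make_zip(["[Content_Types].xml", "word/vbaProject.bin"]),
        "letter.docx": make_zip(["[Content_Types].xml", "word/document.xml"]),
        "old_memo.doc": OLE2_MAGIC + b"\x00" * 504,
        "scan_1975.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    }

def demo() -> dict:
    """Write the constructed samples to a temp folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, data in build_samples().items():
            (root / name).write_bytes(data)
        return triage_dir(root)

if __name__ == "__main__":
    for path, kind in demo().items():
        print(f"{kind:24} {path}")
```

A flag here only means the file format can carry code on Windows, Linux or in desktop Office; whether that code is malicious is a question for an up-to-date scanner on such a system.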

Jan 26, 2026 12:06 PM in response to Mac Jim ID

Mac Jim ID wrote:

NventiveGuy wrote:

Also I encountered TIFF files that had malware (in Windows)

Probably true. Other platforms can use third party libraries that may be exploited when used to open the picture file that results in a Buffer Overflow error to break out and execute code. It is actually those libraries that are targeted due to a flaw that allows the code to be executed. With iOS, there is a single Framework created by Apple that is responsible for opening Image files (TIFF, JPG, PNG, etc) called Image I/O.


Probably a reference to the libTIFF vulnerability from a decade or so ago.


There was an exceedingly clever exploit against iPhone and iPad via a now-fixed flaw in JBIG2 image processing:


https://projectzero.google/2021/12/a-deep-dive-into-nso-zero-click.html


This "weird machine" exploit is among the cleverest exploits I've ever seen reported, too.


Steps were taken here too, including with blastdoor and lockdown.


But looking at this whole discussion more generally, the Windows environment and security model is wildly different than that of iOS and iPadOS. Applying Windows knowledge and assumptions can be problematic.


But should anybody here be targeted by mercenary software, you're going to either have your sensitive information already isolated and segmented, or you're probably going to have a bad day.


About Apple threat notifications and protecting against mercenary spyware - Apple Support


There's more security-reading related available via Citizen Lab, too.


https://citizenlab.ca/research/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/


And some related info: Better Securing Your Data, and Apple Acco… - Apple Community


Alas, there's no certainty with security, other than that a completely secure device is also an unusable device.

Jan 30, 2026 7:46 AM in response to NventiveGuy

Go load whatever unnecessary and variously privacy-problematic app, if it’ll make you feel better.


It’ll have negligible or no benefits, and these apps tend to be noisy and for no reason other than self-advertising. Adding one, two, or more apps won’t appreciably help things. Those add-on apps might pillage your privacy sure, but that’s seemingly the purpose of too many of the anti-malware apps these days. Though some of what gets sold can make your network wobble.


Put a favorite sticker on your iPad, as it’ll have the same beneficial effects as the add-ons, and likely with fewer adverse effects. 😉


Why? You’re not a target of the expensive malware. Or if you are, you need better and personalized advice than us.


What I’d focus on here? Backups. Better Apple Account security. Two-factor authentication on important accounts. Passkeys where available. Clearing out the list of Apple-generated security recommendations. Did I mention backups? Stuff gets dropped, dunked, lost, stolen, phished or scammed or spear-phished, files accidentally deleted, Apple Accounts lost, and the little people that borrow unlocked devices for games cause all sorts of mayhem, too. This stuff: Better Securing Your Data, and Apple Acco… - Apple Community


Feb 6, 2026 1:33 AM in response to NventiveGuy

I couldn’t post the rest of my response a few minutes ago. Trying again now.


I don’t think you understood a couple important details. 

Please let me explain. 


In my question, I used the phrase “an AV app on the source file system”. 

I meant to indicate “when the source/origin of the file was not iOS, but 

was Win/Andr/Lin/ChrOS”. 

In other words, when using a file originated on non-iOS system

it seems the only way to rid that file of malware

is to use an AV app on the system where it originated

And I’d say do that before uploading into the iOS ecosystem. 

(Of course I’m talking about non-iOS malware. You know that, right?)


I have most of my pre-2020 files backed up to both OneDrive and iCloud! 

I checked some today, and one subset of them (~8,000 pics, from yr 1900 to 1978) 

seem clean. I hope my “quick assessment” is correct! 


Once I verify which of the other 17,000 on OneDrive are also on iCloud, 

I can totally erase these redundant OneDrive copies! Oh, happy day! 

Unfortunately, I doubt those file sets match perfectly. 99.999% unlikely, as I was 

also working a bit on Windows until a 2018 hack destroyed my Surface Pro. 

After that, I tossed Windows to the curb. I had backed up my OneDrive to 

my iCloud in 2017, if my memory serves me correctly. I think I also backed up 

my iCloud-unique files to OneDrive, but can’t be sure without a check. 


I used Android and ChromeOS for about a year, because 

Android offered a 7” phone, and a Samsung/ChrOS tablet was thin & light, 

and had an S-pen and really nice keyboard. 

Both were beautiful pieces of hardware. I’m a hardware geek!  


I have some of those files saved on OneDrive (only, I’d guess), 

and some on a couple flash drives. Flash-drive files may only be gdoc files 

and some S-pen Notes. Relatively unimportant, but I’ll still look at them. 

(I don’t want to lose my research into using an external monitor using Display Port. 

Most iOS devices can display using DP-Alt Mode (hardware-wise), 

but I’ve not been able to confirm one can use touch on that ext monitor 

and have it feed back to the “broadcasting” device.) 


I have not uploaded these Andr & ChrOS files to iOS, because:


  *I didn’t know how iOS would react to Andr & ChrOS malware. 

   (Now I believe it doesn’t, and I understand why.) 


  *I haven’t run any AV check of them on Win/Andr/Lin/ChrOS. 

    I think I will do that soon, starting with Win+AV at a library. 


Those two flash drives I used ~2020-22 are the only place 

I stored Android & ChromeOS files I created. 

I didn’t want to keep my login to Samsung’s cloud. 

There may be a similar reason re: the ChromeOS files. 


Some of those are likely in my G Drive. I suppose I will be able 

to differentiate between files I created using Google apps on iOS 

vs ones I created on Android or ChromeOS. I’ll cross that bridge later. 

Or maybe scan every freaking file with Andr, Win, ChrOS, Linux. 

Yes, it seems I should read each file with a device that’s running the 

“file-originating” OS — and has a good AV app. Tedious, but seems necessary!


I doubt I could recall which OS I used to create each OneDrive file —  

that are not also backed up on iOS!!! Even then I should scan all iCloud files 

with these systems, right? Who knows where a file originated?! 


Oh, and I also have perhaps 1,000 files (mostly pics) on G Drive. 

Those I created on iOS with G Drive app, so I’m not as concerned about them. 


Again, I share this because I think many are in my boat — now use only iOS devices, 

but have files that they originated on other OSs. Or might accept non-iOS files from 

others (not likely a problem) and then forward them on to different people (could be 

a big problem, because they may know iOS as super-safe, but don’t know that 

it passes on existing malware from non-iOS files). 


I will draw a big diagram of all these situations, and determine 

what to do in each. I’m still using most of my energies on my Grandsons, 

one of whom has autism and some ADD. That diagram might be in March, 

but I want to get these issues resolved and unclutter my head sooner!


Cheers!



Jan 25, 2026 2:53 PM in response to NventiveGuy

Two thoughts come to mind.

  1. Lockdown Mode? From the following article: “Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.” Is that you? About Lockdown Mode - Apple Support
  2. File or device issue? You seem to encounter problems when copying to devices - generally pre-used devices. Are these devices properly initialized, cleansed and formatted before you use them? From the iPad User Guide: “Note: An external storage device must have only a single data partition, and it must be formatted as APFS, APFS (encrypted), macOS Extended (HFS+), exFAT (FAT64), FAT32, or FAT. To change the formatting of a storage device, use the Files app on iPad or a Mac or PC.”

Jan 25, 2026 2:45 PM in response to NventiveGuy

I should add some details to this general question.


Last month, I was going to use a house-mate’s printer.

She said the best way was to copy a file onto a flash drive

and then have the printer read the file on the drive.

I used a flash drive that I’d used a couple years ago

to store Android files, using a Samsung S7FE tablet, I now believe.


I got a few different errors when trying to copy my file to the flash.


Here’s another message:


I was trying to create a PNG or JPG version of the iOS file while Sharing it

to the flash, if I recall correctly. Got another error message similar to the 1st,

which I can also upload if that would help.


I called AplCare, and the rep seemed knowledgeable. He said these messages

are ones that iOS would display. I didn’t get a definitive answer to my question

about whether/not files would be malware-scanned when uploaded

(like from a flash drive I have here, modified by Android).


So I used a new, out-of-the-box flash drive, and copied a PNG file to it.

I didn’t receive any errors, and the file printed just fine.


I created the file on an iPad 9th, on which I have LockDown mode enabled.

As I stated in previous postings, I’m working on a device set that’s

about as secure as I can make it. Unfortunately that new iPad isn’t tied to

a new, anonymous phone number. I wasn’t willing to wait while I researched

how to set up a new phone that is paid anonymously.

I wanted to try LockDown sooner than after a week of more research.

If I feel a need to get more secure later, I will do that.


I want to copy a boatload of files I have stored in Google Drive, which

I have installed on another phone (used to have my current number on it).

I don’t know iOS well enough to do that now. I’m open to being convinced.


Can someone send me some official Apple doc(s) that say indeed all files

copied into iCloud are scanned for malware. I might copy my files onto

this flash drive (the one where the file Copy worked, not the one where

the errors were reported). Would that be a safer intermediate step?

Which could also have iOS scan the files twice—one time during the copy to

the flash, and a second time when copied from the flash into iCloud.

At least that’s my assumption — which may not be correct.


Thank you in advance.

Jan 25, 2026 2:38 PM in response to Niel

I don’t have a Mac or PC.

I quit using Windows years ago when a hacker destroyed a Surface Pro 4

that I was using at a public library. (I did a hard Reset, and it never turned on again.)


I tried a Macbook 10 years ago, and didn’t like the UI.

I believe that someone in this Forum said that MacOS is not as secure

as iOS/iPadOS. Is that true?


Thanks!

Jan 25, 2026 4:49 PM in response to Niel

To Niel:

I interpret “less restrictive” to conversely mean “more allowed”.

And I assume by “It’s” that you’re talking about

((Copy/Share operations that read files from other devices)).

I have a yuuge desire to understand these situations exactly,

because my security is at stake here.


You said “requires the operator’s permission”, which I infer you mean

that I am the one making the call as to whether a file is safe to load

into my device or iCloud account.


Is there an Apple doc that describes this in detail?


I might be misguided, but I believe it is iOS’s responsibility

to scan a file before storing it in its ecosystem.

Stated conversely, it seems irresponsible that iOS would

NOT malware-scan files before allowing them into its ecosystem.


I come from a Windows background where I used to scan files for malware

by doing a right-click on the filename and requesting a scan.

Is there nothing in iOS/iPadOS that can do this?

or that automatically does it? (which I fully expect)


I ask these questions for myself as well as for 99% of iOS users

who at some point will want to use files that were

generated outside our safe, integrated ecosystem.


Thanks to all who might contribute info!

Jan 25, 2026 4:56 PM in response to NventiveGuy

Also I encountered TIFF files that had malware (in Windows).

I wonder if that code was in a machine-language that an Intel chip

in an iOS device could execute. You may be saying that

iOS doesn’t allow such code-execution? Please be clear for my simple mind.

(Yes I used to write programming manuals for a big corporation, but

I don’t want to read hundreds of pages to get up to speed on iOS security.)


I also was told that word-processor files (like .doc and .docx) may also

contain code. Something about scripts being part of the specification

of what is allowed in those files.


I assume that most malicious code written for other op-systems

can NOT run on iOS. That gives me great comfort, but not total confidence.


Again, I think this applies to many, not just me.

Thanks for your patience!

Jan 25, 2026 5:44 PM in response to NventiveGuy

Reformat the FAT volume, as those can get corrupted all by themselves.


Check whether the printer supports AirPrint and bypass the “fun“ entirely. You can post the vendor and model here. Or can check whether it is accessible when connected to the local Wi-Fi, as AirPrint may well already be enabled by default.


Add-on security apps including VPN apps can introduce as many or more issues as they might avoid.

Jan 26, 2026 1:01 PM in response to MrHoffman

MrHoffman wrote:

I also agree with your analysis. Certainly mercenary spyware costing close to $1 million per exploit affecting high profile individuals or those carrying Government secrets is a concern for a few individuals. Also the intentional act of Jailbreaking a device that results in bypassing security measures is not recommended, although there are ways a user may be able to do that.


Since the OP was viewing Malware from a Windows perspective, I wanted to highlight the difference in those platforms and what protections are in place specifically on iOS where the whole concept of viruses that spread in the OS and the need to "scan" for Malware is nonexistent.
