iOS 26.3 downloaded as developer, is my device hijacked ?!

Those are all legitimate frameworks part of the OS. If you did not have those files, your phone would not operate and likely crash on startup. Private Frameworks are for use by Apple only and the other Frameworks folder includes those that can be used by apps in the App Store.

If your device is in Developer Mode, you will see the option to turn it off by going to Settings > Privacy & Security, and scrolling all the way to the bottom where you would see that setting. Any device can be placed in Developer Mode by the user. That is useful when connecting your device to Xcode on a Mac for app testing.

Sorry, but it just appears you are going down a rabbit hole by posting screenshots of things that you don't understand and making a claim that it shows your device is compromised. Not sure what is fueling this behavior that is leading you down this path. It is obvious when you start by posting a concern about Private Frameworks existing on your device, which are supposed to be there. When that is shown to be normal, it progresses to a screenshot of your System Folders that somehow you find concerning, I think because of the Cryptex folder.

After that is shown to be normal, and the Cryptex framework is explained to you, then it progresses to log files that do not show what you are claiming. I truly am surprised you have not found the Pegasus.Framework by now and then making the claim that spyware has been installed.

Again, if you are having a problem with your device, post what you are actually seeing, not what you think is happening by digging around in the log files. If you are using AI in an attempt to dig deeper, that would explain what has leaded you down this course. Just like searching for medical symptoms always leading to a diagnosis of cancer, using AI with a confirmation bias leaning towards information about a hacked device is going to point you in the wrong direction.

Your Safari is not spoofed, and the System locations you noted are on a Locked partition of your Drive which is Read Only, so no modifications could be made, even if you wanted to. Yes you have Safari buried in the Cryptex folder and there is also a Safari.framework and a SafariShared.framework. That is all true and normal.

MohamedElagamt wrote:

Thanks for the " reasonable " reply, any idea why is com.apple.Updatesoftware is jot a first party software ?!

https://discussions.apple.com/content/attachment/6ff04c6a-5b66-4111-859c-430b681d717e

Nope, it is part of Apple's Private Frameworks where Apple gives very little to no information. They also don't tell you a description of the Bug_Type referenced, or the reason why the Engineer decided to log the data at that point. It's Apple's OS and they are not obligated to explain any log file to you and you will learn quickly that there is nothing to gain from them.

The sole purpose is to submit them to Apple either automatically if you give permission or if you open up a Support Ticket with Apple on an issue you are experiencing, an Engineer may request a specific log file. An engineer does not even read them like a book, they use special decoding software to symbolicate memory addresses to make sense out of them.

Not understanding what you are looking at is expected. You will run into problems if you are attempting to make conclusions from the data you do not understand. For example, in some logs you will see "roots_installed:1", and of course users would jump to the conclusion that their device has been compromised. Others make references to the Pegasus framework and "Stingray" that have also had some users reading them in an uproar thinking their device has been compromised. None of that is true and just with your reference, those are normal too.

So as a dutiful person investigating a concern, you will taken diagnostic steps here and have verified that similar configurations are present across unrelated iOS installs, which — given whatever similarities you might find in your examinations — implies that either everything everywhere is similarly “hacked”, or that your particular concerns are (at least here) unfounded. Put differently, finding this across multiple separate (across time or across devices) installs means mass exploitation directly from and signed by Apple, or, well, that this is just what iOS looks like.

As for developer support, that’s been integrated and built into iOS for many years. It requires cabling the device to a Mac to enable, but — like device management profiles and some other features — it is a latent, built-in, expected, and entirely normal part of iOS.

Cryptexs are signed and sealed by Apple and provide the code of parts of iOS, as well code related to private cloud compute, and these cryptexes are used to isolate and protect various functions. Officially from Apple, “A cryptex is a cryptographically-sealed archive which encapsulates a well-defined filesystem hierarchy. The host operating system recognizes the hierarchy of the cryptex and extends itself with the content of that hierarchy. The name cryptex is a portmanteau for “CRYPTographically-sealed EXtension”.”

If you want to better understand the operating system environment and its terms, acquire Jonathan Levin’s three-volume OS Internals books. That tome will cover a whole lot of what you will encounter, though will lack discussions of the cryptexes, as those are a comparatively recent change across iOS, iPadOS, and macOS.

PS: if you’re worth enough as a target, your adversary is immensely well-funded, and you will need specialized help with your security and with your personal data management practices well beyond what can be available via a forum. Particularly given the sorts of device access and sensitive questions that arise. The exploits and the mercenary tooling involved here is worth millions of dollars. Based on available reports, and based on the value of the tools, these tools are targeted at individuals, and not widely deployed against everybody.

PPS: if security is a concern, you will want an iPhone capable of iOS 18 and iOS 26, as older iPhone devices have known and irreparable security vulnerabilities.

Please stop poking around in things you don't understand.

Your phone is not "hacked".

Sorry to disappoint you, but I happen to be human.

Again, stop poking around in things you don't understand. You don't have the tools or the training necessary to interpret the analytics logs.

Your phone has not been hacked or compromised.

If you are experiencing actual symptoms of a problem, try describing what's wrong. Otherwise, please move on.

No one here gets paid. This is a volunteer user forum.

The senior users on here, who can be recognized by their levels and points, have many decades of experience between them. I include myself in that illustrious company, though my skills and experience pale in comparison to some here. We have at least one member who was instrumental in putting the first humans on the moon, if that gives you any idea of the depth of knowledge here.

You have yet to describe an actual problem or even a concern regarding your device that's based on facts or even imagined symptoms. All you've done is present dumps of information you clearly do not understand.

MohamedElagamt wrote:

how much do you guys get paid ?! genuinely curious!

Why would you think that the pay from an outside source, would be of any consequence to these discussions? No one replying in this thread is employed y Apple.

MohamedElagamt wrote:

how much do you guys get paid ?! genuinely curious!

Not one person who posts here is paid in any way, shape or form. This is a volunteer user to user only forum. Many of us have been a part of this forum for years and we enjoy helping other users. We'll take it as a compliment that you think we may be compensated for our time here!

MohamedElagamt wrote:

how much do you guys get paid ?! genuinely curious!

NOTHING! We are all volunteers and not paid at all. None of work for Apple and we are users just like you. The only reason you see some higher level users is that others had marked their reply as helpful. Our only motivation is the desire to help others and while you may find that surprising, that is what volunteers do. Hopefully that satisfies your curiosity.

This is pretty simple. I’m an easily searchable entity. I use my real name on social media platforms and you’re welcome to search me. No big deal.

No one works for Apple, we’re all just like you, an Apple user. Nothing mysterious, no bots, nothing. I’ve read this entire thread. Your allegations and statements are so far off I’m suspicious of you being a bot or a gorilla marketer planting FUD. Everything you’re posting about is easily searchable on Google, ChatGPT etc. it throws suspicion on you, I’m afraid to say.