Apple’s iOS operating system is not an easy one to hack. But that doesn’t mean it’s hack-proof. And, in fact, some of its security measures also make it hard to know whether you actually have been hacked.
How It Works
iVerify doesn’t directly detect hacks being carried out on an iPhone. Instead, it specifically looks for “side effects” or weird behavior that could be caused by jailbreaks or active exploit attempts.
That’s because Apple sandboxes its apps and doesn’t really let them interact with each other in meaningful ways. To get around that, iVerify looks at “side channels” to see bits of data outside of that sandbox.
“This is like sending smoke signals out and you’re looking at the clouds in the sky through a tiny little window in your room where you’re locked,” Dan Guido, one of the app’s developers, told Vice.
In the event that the app detects a possible attack, it sends the user an alert and creates a personal URL detailing what type of anomaly or attack occurred.
It also sends the incident report back to Trail of Bits and gives the user some additional steps to take.
It’s not just a detection tool, either. iVerify also gives recommendations that users can take advantage of to shore up their security. That includes two-factor authentication apps and the use of VPNs.
Why It’s Significant
For the longest time, iPhones have largely been considered extremely secure devices. That’s mostly because of security mechanisms like sandboxed apps and code-signing requirements.
They still are much more secure than, say, a stock Android device. But over the past few months, security researchers have demonstrated some of the cracks in the walled garden of iOS.
Back in July, researchers at Google Project Zero found a slew of bugs lurking in iMessage that could allow attackers to execute code on an iOS device and take control of system functions. Subsequent reports suggested that the vulnerabilities were even exploited in the wild in a “campaign exploiting iPhones en masse.”
There is such a deluge of iOS and iPhone vulnerabilities, in fact, that the cost of exploits on certain marketplaces dropped below Android ones for the first time back in September.
Despite all of that, Apple has been fairly strict about allowing “iOS security” apps onto the App Store. Back in 2016, a similar tool was quickly pulled from the App Store.
Not that getting iVerify onto the App Store was easy. It reportedly took months of back-and-forth. Interestingly, one of the key problems was that iVerify recommended specific apps like 1Password, which is apparently against Apple’s policies. (It also recommends VPNs, which is why the app isn’t on the Chinese App Store.)
The fact that iVerify passed Apple’s App Review process is itself significant. And while it may not indicate a new wave of “iOS antivirus” software, it could suggest that Apple may be relaxing its rules on iOS security apps.
Not everyone is going to need or benefit from iVerify (particularly at its $4.99 price point). But for the security-conscious iOS user, it may be a worthy investment.