The Mac Security Blog

Apple

Why iOS Needs an Antivirus

Posted on by

iOS 13 marked a turning point in the evolution of Apple’s mobile operating system. In the early days of iOS, Apple – and Steve Jobs, in particular – felt that files were a distraction. In an interview in 2005, Jobs asked, "why is the file system the face of the OS? Wouldn’t it be better if there was a better way to find stuff?" He followed up, "eventually, the file system management is just gonna be an app for pros and consumers aren’t gonna need to use it."

Things changed in 2017, with iOS 11, which introduced the Files app. This wasn’t a tool for making the file system on an iOS device visible to users, but rather to serve as a hub for the various cloud services people use to store files. It displays files that are stored on an iPhone or iPad – in certain apps – but it mainly allows users to download and work with files from the cloud.

There is an additional way to add files to iOS devices: iTunes File Sharing lets you add files to specific apps via iTunes. You can sync files to an app-specific Documents folder in this manner, and those files are only available from those apps.

iOS 13 adds external drive support to these mobile devices. You can access files on a USB thumb drive, SD card, or hard drive, assuming you have the appropriate dongle and/or connector. You can also use a Downloads folder and manage local storage on your iOS device, creating folders, and working with files while viewing a limited part of the file system. And with the Files app, you can connect to a network server to access files as well. These features usher in new power to work with files, but also new risks.

Malware on iOS

There has never been any serious malware affecting iOS. There have been infected apps, such as XcodeGhost, which steal data, and there has been malware that has affected jailbroken iOS devices (where users get around software limitations to install non-approved apps), but nothing has been created that has infected iOS or files on iPhones or iPads. There have been vulnerabilities that allowed people to access iOS devices via FaceTime and Bluetooth, but these are network attacks, and don’t depend on files being copied or downloaded to an iPhone or iPad.

iOS has robust sandboxing; this limits which files and which parts of the file system apps can access. But it also prevents antivirus and anti-malware software from examining the devices in search of malware. Because of this sandboxing, it is very difficult for files to affect apps or iOS itself, but as the ability to add files to iOS devices increases, it is possible that there will be attempts to create malware to target iOS. In addition, files that you add to your iPhone or iPad may contain malware that, while not affecting iOS, may affect another operating system to which you copy those files. If you add files to your iPad, then put them on a cloud server to later access on your computer, those files could compromise that computer.

Antivirus Software on iOS

Apple allowed antivirus software on iOS for a while, and Intego made VirusBarrier iOS, but in 2015, the company eliminated that entire category of apps from the App Store. VirusBarrier iOS allowed users to scan files that they received as email attachments, for example, and alerted them if the files were infected. This helped protect people to whom they forwarded files, or even their own Macs and PCs at home or at work.

With these new abilities to move files to and from iOS devices, it’s time for Apple to allow software companies to make true antivirus software for iOS. At a minimum, an iOS antivirus should be able to scan files in all of the locations where users can add or download files, but it would be best if the software could access the entire file system, to ensure that the devices are free of malware. Ideally, it should also be able to scan RAM, because threats that attack devices via network vulnerabilities can hide their code in RAM.

Naturally, Apple shouldn’t open this access up to just anyone; they should carefully vet antivirus software on iOS, and vendors should have to prove that they are established and reputable. And this software should undergo a more stringent approval process than other apps.

It’s clear that Steve Jobs’ vision of iOS devices without files hasn’t worked out; many users, not just "pros," need access to files: to receive them, work on them, send them, and store them. But with this new file access comes new risks, and it’s time for Apple to recognize this, and allow security vendors to help users ensure that they are protected from malicious files.

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →