Does iOS malware actually exist?

There actually has been some iOS malware, but it's shockingly rare. It's all thanks to Apple's rigid control over app distribution.
Written by Larry Seltzer, Contributor

Everyone knows there's no iOS malware, right? Strictly speaking, there is. As a practical matter, there isn't. At least if you stick with the official Apple store, you are more likely to win Powerball than to be hit by iOS malware.

But to make that "strictly speaking" point, FortiGuard Labs's Axelle Apvrille ("the Crypto Girl") felt it necessary to list all the iOS malware on record — all 11 instances, eight of which work only on jailbroken phones.

If Apvrille's point is that iOS devices are not immune to security problems, then she is obviously correct, especially in the light of the recent iPhone hijacking episode. The perps in that case have been arrested in Russia and no software was exploited; all that happened was that the attackers hijacked iCloud accounts.

But malware is the worst way to show that iOS users have exposure, because Apple's business practices for app distribution have made it nearly impossible to get malicious software to users. Unlike on Android where you can, and many do, choose to get apps from third-party stores, with iOS there is exactly one place you can get your software: Apple's App Store. There is malware, now and then, in Google's Play store, but it's not the real Android malware threat, if there really is such a threat.

(Incidentally, I don't want to rag on Fortinet or Apvrille too much; they do a lot of great research and their blog is one of the better industry sources out there.)

It's not like iOS isn't an inviting target. There are zillions of devices out there and iOS customers have shown that they are willing to spend money on apps. And there absolutely are ways that iPhones can be attacked, although more likely through vulnerabilities, especially in Safari, than through malicious apps.

In fact, Apple's rules for what it will allow in its App Store are so strict that they effectively ban security software. It's a good thing there is next to no malware, because what you would need to do to block it on your phone is not permitted. Android, on the other hand, has a burgeoning market for security software and no shortage of malware.

Instinctively, I don't like the tight control Apple has over their app ecosystem, but I've long ago given up objecting to it. They got it right, which is why Microsoft is copying the model closely. What could never work on PCs and Macs works great on mobile.

Editorial standards