Remove a virus from an iOS device
iOS malware is rare but not unknown. David Price explains how to check an iPhone or iPad for viruses and wipe it clean
iPhone viruses are rare. In fact, we should probably point out first of all that it’s unlikely that your iPhone (or iPad, for that matter) really has a virus – it’s more likely that you’re seeing a misbehaving advert in an app you use regularly, triggering behaviour that is intended to convince you that iOS is infected and you need to download an app to fix it, or redirecting you to a dodgy web page or a dodgy app on the App Store.
However, malware of one kind or another does exist for iOS, even though it remains extremely rare, and if you’re sure your iDevice has a virus, worm or other form of malware, read on to find out how to remove it, as well as how to avoid iPhone malware in the first place.
Find out if your device has a virus
Technically speaking, a virus is a piece of code that inserts itself into another program, whereas a worm is a standalone program in its own right; both seek to propagate themselves by hijacking messaging applications or via social engineering.
The first of these definitions does apply to a small number of malware attacks on the iOS platform; a number of apps, including some entirely respectable apps, have suffered the insertion of malicious code or the hijacking of the developer tool used to create them; and although malware apps should be caught at the approval stage before appearing on the App Store, those who have jailbroken their devices can install apps from other sources and may inadvertently install something dangerous. In either case, however, the isolated sandbox nature of iOS should prevent the malware attack from getting access to other applications (in order to spread itself) or to the underlying operating system.
The main questions when trying to work out what has happened to your malfunctioning device are these:
• Have you jailbroken your device? And if so, have you installed an application from a non-official source whose authenticity is questionable? If the answer
to both is yes, you may have a malicious piece of software on your device, and should attempt to isolate and uninstall the culprit.
• Does the unexpected behaviour manifest itself when you use certain apps only? If so – and particularly if it’s only one app – then you’re probably looking at an app-specific issue, and we’ll deal with this in a moment. Common behaviour exhibited by apps that have been hijacked include redirecting you to an unfamiliar web page in Safari, and opening the App Store without permission.
If the problem continues to happen no matter which apps are open, the chances are that your device is misbehaving because of a hardware problem, or because of an iOS change that you’re not used to yet, or because you or another user of the device has changed a setting, perhaps inadvertently. It’s extremely unlikely that malware has penetrated to the heart of the operating system and is causing problems throughout the system; this would be essentially unprecedented. In any of these cases we would take the device to an Apple Genius Bar.
Is a compromised app causing the problem?
Rather than a virus affecting iOS itself, it’s possible that you’ve simply got a problem app. This doesn’t necessarily mean the app is bad or that the developers are at fault; conversely, the fact that an app is legitimate or was made by a reputable company doesn’t mean it can’t be hijacked by malware or hackers. Because hackers cannot break into iOS itself, one of their most common strategies is to crack a developer kit, which may in turn be used by well-meaning and unaware app developers. The crooks thus gain the ability to redirect you to a dodgy website when you use the app which uses the compromised developer tool.
It’s usually obvious when one particular app is causing the problem, because you only have problems when using it. The usual giveaway sign is that, when you’ve got that app open, you will periodically be redirected to a web page, or to the App Store, without your permission. If you think one app is the problem, first of all have a look to see if an updated version of
the app is available, since the problem may have been noticed and fixed. Also check the app’s website (if it has one) and/or the developers’ Twitter feed (if they have one) to see if the issue has been reported or discussed in those places. If the devs are contactable then you should report the issue to them; they may be able to offer a solution, but even if they can’t, they are more likely to find a fix if they know about the problem.
Assuming that updating the app doesn’t solve the problem, uninstall the app and try to manage without it for a while. If the problem disappears then you’ve found your culprit, and it’s time to decide if you can manage without the app in the long term. Even if you do decide to give it the chop, however, remember that you can check in with the developers from time to time and see if a satisfactory update has materialized.
Clear history and website data
Here’s a quick tip that may resolve web page redirect problems. Go to Settings > Safari > Clear History and Website Data, then tap Clear History and Data.
Power off and restart
Hold down the power button until the screen changes and the ‘slide to power off’ slider appears. (This should take about four to five seconds.) Then slide the slider so the phone powers down. The screen will turn black.
To restart the phone, hold down the power button again. This time it should take about 10 seconds. The Apple logo will appear; at this point you can let go of the power button. Wait until the passcode entry screen appears (you need to enter a passcode instead of using Touch ID the first time you unlock a phone after powering up) and then unlock the phone.
If this hasn’t fixed the problem, you may need to take more drastic measures.
Restore your iPhone from backup
We trust that you back up your iPhone on a regular basis. If so, it’ll be easy to restore your iPhone from the most recent backup and see if the solution has been removed. If this fails, you may have backed up the contents of your iPhone including the malware of other problem, so restore from the second most recent backup, then the one before that and so on. Hopefully, you will find a backup that predates the problem and you’ll be able to proceed from there.
Restore your iPhone as a new device
If none of your backups are malware-free, or the only backups that are malware-free are unusable for some other reason, then you may be better off starting from scratch. Wipe your iPhone by going to Settings > General > Reset > Erase All Contents and Settings, then
enter your passcode and confirm the process. Wait for the erasure to complete, and then set up the iPhone as a new device.
Once you’ve completed setup you’ll need to reinstall the apps you want to use (although remember that if an app seems to be causing the problem you should try living without it for a while and see if things are better), reload digital media and get the settings back to the way you like them. It’s a pain, but hopefully you’ll only need to do it this once.
How to protect your iOS device from malware in future
Update iOS regularly. We recommend not jailbreaking, and if you do, you need to be especially careful about the software you install and the sources you download it from. And be careful of ‘social engineering’ attacks – don’t open links if you’re unsure where they come from.