Does Malwarebytes offer a VPN

Antivirus for iPhone: useful or not?

Stephan Wiesend

Antivirus software isn't available for the iPhone, and Apple has a few good reasons for that. We clarify how secure iOS really is and whether you need VPN software.

EnlargeAccording to Apple, anti-virus software is not required for the iOS. Is that correct?

Almost every day one reads about stolen user information, blackmailers or spy programs, even the data of US authorities or the iPhones of American IT billionaires like Jeff Bezos are apparently no longer secure.

With Pegasus, an iOS spyware that is used by authorities around the world is even known by name. Some iPhone owners are now wondering whether the iOS platform is really that much safer from malware than the Android platform, which has long been suffering from virus attacks. Many users first think of a virus scanner as a protection option, but VPN software is also being bought more and more frequently.

However, Apple's stance on this issue is clear: virus scanners for iOS are nonsense. As early as March 2015, Apple therefore rigorously banned all antivirus apps from the App Store. There were good reasons for this and is not a consequence of the "Reality Distortion Field":

Virus Barrier and Avira Antivirus for iOS

Looking back, it's not like there never was antivirus software for the iPhone and iPad. Among other things, Intego and Avira had malware scanners for Apple's mobile system on offer. But its value was low from the start. On iOS, security tools are severely hampered by the sandboxing of the system. This protection system shields apps and the system from access by other apps, including an iOS virus scanner that tries to scan the system for malware. Kaspersky has also denied the point of having a virus scanner for iOS.

EnlargeIntego Virus Barrier was one of the first anti-virus apps for iOS.

Antivirus software is therefore far less useful on iOS than on a Windows or Android system. After all, it could not prevent the installation of malware apps anyway, at best it could search for installed malware apps. As an iOS user, you can also rely on Apple to keep the App Store free of malware - or at least to react as quickly as a manufacturer of antivirus software. One small flaw remains: if an app is installed, it remains unchecked on the iPhone. In view of the very rare iOS malware apps, word of this gets around quickly and a malicious app does not go undetected for long. Nevertheless, antivirus apps would probably have sold quite well in the App Store: There are simply too many Windows users who have had a lot of trouble with virus attacks. Presumably to convince these users too, Apple banned the antivirus software from the App Store: its very existence ultimately contradicted the promise that iOS was a secure operating system.

Antivirus software for Android, on the other hand, has almost every antivirus software manufacturer on offer - here it is really necessary. Android users can install apps from other sources without any problems, even Amazon and Google Play are not completely free from malware. Google has already introduced its own scanner with Google Play Protect, but according to tests by AV-Test, this scanner is by no means sufficient.

A big advantage of iOS: Apple regularly delivers security updates and also supports older models for a very long time. The new iOS 14 system is even compatible with the iPhone 6S. Many manufacturers of Android phones, on the other hand, only provide updates for their device for one or two years - which then has known security gaps.

Jailbreak makes iPhones unsafe

Strictly speaking, there are two methods of installing iOS apps without the App Store: Companies can install their own apps on their iOS devices, theoretically including malware. This way, however, malware infestation is even less likely than via the app store. The situation is completely different after a so-called jailbreak of an iOS device: After this operating system intervention, software can be freely installed - unfortunately also malware. In December 2015, for example, the TinyV Trojan appeared, which was spread via illegal versions of iOS games. In principle, we therefore cannot recommend a jailbreak.

Government agencies are at their disposal with tools like Pegasus that give them full access to an iPhone. This is only possible after a jailbreak, the tool uses a data connection to "open" an iPhone remotely. It can then install spyware by exploiting system vulnerabilities known by the spyware manufacturers. This became known through eavesdropping on a journalist critical of the government, whose iPhone has been proven to have been hijacked. At least from the NSA or the BND, an iPhone is not safe either, which apparently also applies to other authorities with good contacts to the USA. The principle could of course also be used by experienced hackers, but requires a very high level of specialist knowledge. An average home phone is just not worth the effort.

User data is more or less openly researched by apps

It is unlikely that an app obtained from the App Store will suddenly start encrypting user data or deleting data. Apps that spy on user data are a bigger problem for home users than malware. Here the boundaries between spyware and market research are often blurred. With each update, Apple has therefore further increased the security status of the system and improved the protection of private data. What social services such as WhatsApp but also photo services almost naturally demand an insight into your address book "to look for friends in the network". The location function is also surprisingly important for market researchers in order to collect movement data. What happens to this contact information is not always clear.

Logically, reading out the address directory has only been possible for years after confirmation by the user. However, Apple is simply powerless when a social media app expressly asks for access to the address book or wants to display close friends via GPS. Here common sense is simply required from the user. The service can then immediately display a list of friends, colleagues, or relatives who are already using the service.

Good: With almost all newer apps you can now see the entry "Data protection" in the App Store and you can find out about the data access of the app before the installation.

EnlargeBefore installing, pay attention to the entry "data protection", especially entries in tracking are problematic.

Browser as a weak point

Safari is arguably the most critical area of ​​iOS, as the web is the greatest source of danger. A browser always has security gaps that hackers could use for attacks, but in practice the risk is low. So far, Apple has always been able to close security gaps with security updates before major attacks occurred.

Hardly any defense helps against clumsy Javascript attacks, in which fraudsters pretend to be "BKA" or other authorities and demand money via a pop-up window. However, word of the harmlessness of this so-called scareware has long since got around - you should just ignore the popups. Downloading malware is as good as harmless on iOS - you can't run programs this way.

Good: Safari has supported the integration of content blockers since iOS 9. These not only protect against ads but also against trackers, analytics and sharing functions. This interface could not only block advertisements, but also improve protection against spam sites. Like the desktop version of Safari, the iOS version blocks already known malware and phishing sites - the option “Fraud warning” can be found in the Safari settings. However, malware and phishing sites that you are lured to by email or advertising banners are often only a few hours old. No protective system can therefore reliably detect them. Here, too, the user is asked: they simply have to become suspicious if the local savings bank requests login data by email or if they have just won a 7-series BMW.

Messenger as a problem

Unfortunately, Apple's Messenger played an inglorious role in the last security gaps in iOS. Time and again, hackers succeeded in finding vulnerabilities in the Apple app and exploiting them for attacks. Apple has strongly secured its chat program with iOS 14, but a strange messenger message should still be a warning signal for users.

SMS and phone: Better not to call back

What we personally lack on the iPhone instead of antivirus software is a simple blocking of phone numbers: manually and using a blocklist. On the Android platform, tools such as Calls Blacklist help block lottery machines and energy advisors. The iPhone is not only a surfing device, but also a telephone and fee rip-offs via SMS and phone calls. Better than any blocklist, however, is probably simple caution: If you receive an unknown SMS or an unknown phone call, you should simply not call back - it is too likely that expensive telephone charges will be incurred for the callback. In our opinion, telecom and co are the right people to talk to in this telephony plague. After all, known contacts can be blocked since iOS 7. So if you received a suspicious call, add the number to your contacts and then block the caller

VPN: makes more sense than antivirus software?

In addition to antivirus software, there are other iOS tools that can improve the security of an iPhone. A VPN solution is an interesting option for securely surfing in an Internet café. This protects incoming and outgoing data connections like an additional protective layer. However, this costs the operator of the server fees, so free VPN services usually only offer a few hundred MB of data volume.

Incidentally, the circle to antivirus software closes here: More and more antivirus software manufacturers are offering VPN services in addition to their malware scanners. For some services, the antivirus scanner is now even free, but the VPN service is not free. Almost every antivirus software manufacturer now has a VPN app for iOS on offer.

If you want more security, the Cloudflare service is an interesting solution. You cannot pretend a location in the USA or UK, but you can surf safely and free of charge.

EnlargeYou can use the app to secure your iPhone in the Internet café.

VPN is a completely different topic for companies: VPN has long been standard for company users and enables home office users secure access to the company network.

Freedome VPN As an additional protection, the VPN service from the antivirus software company F-Secure blocks the tracking services of advertisers and warns of websites known as malware slingshots. F-Secure also wants to anonymize search queries that search engines like Google save and assign to users. To do this, the tool opens a special F-Secure search page. This is based on Google search and can also be used without a VPN subscription. Good: The Finnish software company promises not to save the IP addresses of the users and works without user registration and there is no limit to the data volume. The performance is excellent. The F-Secure service is available in versions for OS X, Windows and Android. A one-year subscription for three devices costs 30 euros. However, the service is often available at a reduced price in specialist shops.

© Macwelt to the picture gallery full view


Apple doesn't allow antivirus software in the App Store, that's justified. Unfortunately, there is no app that checks the iPhone for a jailbreak. If you want more data security while on the move, a VPN solution would be recommended as additional insurance. In the end, every user has to take care of recognizing Bauernfänger e-mails and protecting their personal data - nobody does this for you on Mac and PC either.