
nouveau_redneck

macrumors 6502a
Original poster
Sep 16, 2017
I did something stupid, clicked on a spoofed email that led to a .ru site on my iPhone 8+, latest iOS. It redirected and then prompted me with a message to call a number. I hit cancel and backed out of the email.

So what I did to be cautious was do a factory erase and then restore my phone from an iTunes backup that was made prior to my foolishness. All good, but is any potential for infection or malware gone?

I have not been able to find an answer and I've searched quite a bit. Does the erase just delete personal data or does it completely reimage the OS? I'm paranoid that if it only deleted my apps and data that the email application which I suspect is in the OS may have been impaired and remain untouched by the erase. If anyone can explain the technical process that is occurring during the erase, I would appreciate it.
 
I found what I need.

The iOS Security version 11.4 white paper contains the information that I was looking for. (https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf)

It looks like the OS partition is NOT erased during "Erase all content and settings". That, however, is fine given the awesome Apple security design.

In summary, I found:
+ The user partition is separate from the OS partition.
+ The user partition is protected by encryption keys within effaceable storage.
+ Upon using "Erase all content and settings", all keys within the effaceable storage are deleted.
+ The data in the user partition is NOT erased, but is rendered cryptographically inaccessible (assuming it is also marked as free space to be overwritten when APFS needs to write new data).
+ The data in the OS partition is NOT erased, however that would not be necessary, as it is protected via secure boot chain, code signing, and runtime process security, starting with Apple cryptographically signed hardware Boot ROM. If this security chain is breached, it would render the OS unbootable, putting it in recovery mode.

It's a long document and I only skimmed it, but it addresses my underlying questions.
 
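The erase behaviour summarized in the post above, as an added example that is not part of the original thread or Apple's code: a toy Python model in which destroying the key in "effaceable storage" makes the untouched user partition unreadable. The class and function names, the two-level key layout and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
# Toy model: names are hypothetical; the cipher is an HMAC-based stand-in, not Apple's.
import hashlib, hmac, secrets

def _sub(key, label):                      # derive separate enc/MAC subkeys
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):         # HMAC-SHA256 in counter mode (toy cipher)
    blocks = (len(data) + 31) // 32
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plaintext):                  # encrypt-then-MAC: nonce | ciphertext | tag
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class ToyDevice:
    def __init__(self):
        self.effaceable = {"volume_key": secrets.token_bytes(32)}  # key store
        self.user_partition = {}           # name -> (wrapped file key, ciphertext)

    def write(self, name, data):
        file_key = secrets.token_bytes(32) # per-file key, wrapped by the volume key
        self.user_partition[name] = (seal(self.effaceable["volume_key"], file_key),
                                     seal(file_key, data))

    def read(self, name, volume_key=None):
        key = volume_key or self.effaceable.get("volume_key")
        if key is None:
            raise LookupError("no volume key: data is cryptographically inaccessible")
        wrapped, ct = self.user_partition[name]
        return unseal(unseal(key, wrapped), ct)

    def erase_all_content_and_settings(self):
        self.effaceable.clear()            # only the keys are destroyed; flash is untouched

if __name__ == "__main__":
    dev = ToyDevice()
    dev.write("note.txt", b"constructed sample data")
    dev.erase_all_content_and_settings()
    print("records still on flash:", len(dev.user_partition))
```

After the erase the ciphertext is byte-for-byte unchanged, yet neither the device nor anyone holding a copy of the flash contents and a different key can unwrap the per-file key.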
Emails are not included in the backup so there should be no risk after factory reset > backup restore. Also if your phone is not jailbroken the risk that you were infected is minimal in any case (I would say less than 0.5%) due to sandboxing. That's one of the best things of using iOS/macOS.
 

Yep, I've got everything in iCloud and in Outlook. I was more concerned with something that may have been left behind from my stupidly clicking on that email.

The more I look at Apple security, the more I like what they are doing!
 
No one has ever gotten a virus, malware or Trojan on an iOS device ever. Ever.
Neither did you.
You didn't need to go to such extreme lengths wiping your phone. It never got infected.
 

I agree that I probably did not need to do that, but I'm security paranoid and felt better doing it. Now that I have, I've seen how easy it is to bring the phone back using backups.

Regarding no one ever getting a virus, malware or trojan on iOS, I doubt that is correct.
Quick DDG check. Top 3 hits.

http://fortune.com/2016/03/16/malware-infect-apple-iphone-ipad/

https://www.theiphonewiki.com/wiki/Malware_for_iOS

https://www.zdnet.com/article/does-ios-malware-actually-exist/
 