Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

hyperbolic

macrumors member
Original poster
Jun 8, 2022
50
25
If you view the attached screenshots you’ll see that there’s a very strange 40MB “Software Update” (“update” “app”) that’s installed on my phone (iOS 16.3.1) that suddenly appeared in the iPhone Storage List around the time of a late-iOS 15 update, and it’s been there ever since.

This “app” in the *app list identifies itself as a software “update”, but there’s no accompanying information or update version numbers. There’s a “Delete Update” button present, but pressing it does *not delete the update. The “last used” time always shows “Today” even though quite certainly I’ve never opened an app or update that would be represented by this. I also have automatic updates turned fully OFF.

This “item”, as I’ll refer to it, is *NOT present on any of my other iOS devices wherein all of them are running the latest version of iOS (16.3.1), and I’m talking about *several other iOS devices both iPads & iPhones that are of various model numbers age ages. Two of the other devices are the exact same as the device this strange app exists on, namely they’re all iPhone 8 Plus’s.

—> WTF is this thing? And why is it not installed on any of my other devices, and why does it refuse to delete itself when I click the “Delete Update” button. The presence of the button implies it’s a deletable item, yet it refuses to delete.

— Does anyone else have this item on their iOS device? It so, please post screenshots if possible, and tell us what the size of the item is (the one on my phone is constantly 40MB). Please also tell us if you’re able to delete it, and if you can recall the exact date and circumstances under which it first appeared on your phone (literally out of nowhere).

—> The *only thing I can think of that might indicate this is a legitimate entry and not the result of a clear hack (which has been my suspicion) is that around the time I first saw this in the iPhone Storage List, I was on a support call with Apple, and to my amazement the support rep sent a command to my phone that asked me to *temporarily allow some sort of screen sharing access to my phone. I accepted the request, and do my amazement and certain horror, a mouse pointer icon suddenly appeared on my screen and I watched as the Apple support rep moved the pointer around my screen to help instruct me as to how he wished for me to proceed. Could this strange “app/update” be a screen sharing bundle that Apple remotely installed on my phone that day?? I find it inconceivable that Apple would install custom software on a users phone during a support call, thereby altering the phone and in this case it would be a permanent alteration because iOS won’t let me delete the f’n thing. I would literally prefer if this is the result of a hacker because I have a big problem with Apple Remote installing and kind of software on my phone *especislly without clearly explaining exactly what they’re installing and how I can certainly permanently remove it. *Especially software that allows remote screen sharing! I mean, WTF… if this is actually the case then Apple should be called out big time on this.

And as far as I’m concerned Apple should allow users to activate a setting that would prevent any type of remotes screen sharing under *any circumstances. You can disable FaceTime screen sharing so you should also be able to disable this f’d up remote screen sharing that Apple magically activated during a simple support call. (There was no reason to activate this, I’m well aware of how iOS works and I don’t need a support rep remotely monitoring my screen — had I fully understood what he was about to do I would have never accepted that incoming request (which presented itself as an alert panel if I remember correctly). Can you imagine if there is indeed *any kind of bug in this “support” feature that would allow a hacker to silently compromise a phone to get full screen sharing?? I mean what is Apple thinking even allowing thus type of remote access in the first place. It just boggles my mind.

In any event, this thread is about the “Software Update” “app” that’s appearing on my phone, and I’m hoping somebody knows what the F it is, why the F it’s there, and how the F to remove it. (Remember, this is appealing on only a single one of my many iOS devices…)
 

Attachments

  • 0CDD687F-42A1-4F1C-9467-2141820608A0.png
    0CDD687F-42A1-4F1C-9467-2141820608A0.png
    134.3 KB · Views: 163
  • 42B7CABA-5111-4FB7-BF58-F6F15A16FD81.png
    42B7CABA-5111-4FB7-BF58-F6F15A16FD81.png
    378.5 KB · Views: 110
I have it on my iPhone too but mine is 82KB's.. It's been there since iOS15 and it's not deletable.. I'm sure restoring the device would get rid of it but 82KB's is minuscule and hasn't caused any issues that I can notice. I'd like to know how to delete it without restoring if possible..
A18199C2-35BA-4A7C-881B-957AA06B7BD0.jpeg
 
Screenshare does not allow an Apple rep to control your device. All they can do is view what you see on your screen, and move the cursor to an area they wish to highlight. They however are supposed to ask for your permission first to screenshare, unless the user requests it first.

This looks like a residual data, such as from a failed update, an update that was downloaded but never installed etc.

I had an issue on my old Apple ID where a failed or incomplete backup left 13kb of residual data on that iCloud storage forever, no one was able to delete it to free it up. So it wouldn't surprise me if this is in the similar sorts.
 
I have it on my iPhone too but mine is 82KB's.. It's been there since iOS15 and it's not deletable.. I'm sure restoring the device would get rid of it but 82KB's is minuscule and hasn't caused any issues that I can notice. I'd like to know how to delete it without restoring if possible..
View attachment 2173854


Thank you very much for the response. It’s further odd that the item is 40MB on my device yet only 82 kB on yours — exactly what iOS device model did you find this on? And what version of iOS is it currently running?

So… have you ever had a support call with Apple Support where they activated remote screen sharing on your phone so they could see your screen to help diagnose a problem? If not, then my rudimentary theory that this could be some type of Apple Support screen sharing bundle is wrong.

So far this has been found on two devices then… it’s not on any of my other 5 devices, so whatever it is, it’s rare. I am leaning towards it being the result of a hack. I’m now going to file an incident to Apple’s security reporting process. It’s not going to hurt, it’s reasonable under these circumstances, and it will plug a major security hole if indeed it’s not of Apple’s doing but Earhart it’s a hack. Either way it’ll go a long war towards determining what this thing is.

I’d like to know exactly what the hell it is, what it does, when/how it got installed, and who installed it & for what purpose.

If anyone else has this in their iOS device please do respond if you’re so inclined.
 
There is no hack. It's residual data. A quick Google search will show that a lot of people have that. You can safely ignore it.


The fact that some people are reporting it on the internet in no way proves it’s not a hack. Zero . Zip. There are a billion iOS devices on the market, finding 5 reports of it online means nothing. One characteristic of a hack is that evidence is found on only a small percentage of devices.

It’s ludicrous to “safely ignore” this specific occurrence. Since iOS 12, Apple has fixed around a dozen zero-day hacks that allowed *full control over compromised iOS devices. This is an excellent example of a compromised devices given the circumstances. It’s foolish to “safely ignore” situations like this particular one.
 
Possibly a glitch similar to having excessive "Other" data in storage?

I called Apple a while back and they requested to screen share, I believe this feature is similar to FaceTime screen sharing. Though I don't have "software update" in my storage.
 
  • Like
Reactions: hyperbolic
The fact that some people are reporting it on the internet in no way proves it’s not a hack. Zero . Zip. There are a billion iOS devices on the market, finding 5 reports of it online means nothing. One characteristic of a hack is that evidence is found on only a small percentage of devices.

It’s ludicrous to “safely ignore” this specific occurrence. Since iOS 12, Apple has fixed around a dozen zero-day hacks that allowed *full control over compromised iOS devices. This is an excellent example of a compromised devices given the circumstances. It’s foolish to “safely ignore” situations like this particular one.

If you believe it's a hack (which I still think there's about a 0% chance of that being true), call Apple support and have yourself escalated to engineering. It will take a while but I'm sure at some point you will get an answer with enough patience.
 
Thank you very much for the response. It’s further odd that the item is 40MB on my device yet only 82 kB on yours — exactly what iOS device model did you find this on? And what version of iOS is it currently running?

So… have you ever had a support call with Apple Support where they activated remote screen sharing on your phone so they could see your screen to help diagnose a problem? If not, then my rudimentary theory that this could be some type of Apple Support screen sharing bundle is wrong.

So far this has been found on two devices then… it’s not on any of my other 5 devices, so whatever it is, it’s rare. I am leaning towards it being the result of a hack. I’m now going to file an incident to Apple’s security reporting process. It’s not going to hurt, it’s reasonable under these circumstances, and it will plug a major security hole if indeed it’s not of Apple’s doing but Earhart it’s a hack. Either way it’ll go a long war towards determining what this thing is.

I’d like to know exactly what the hell it is, what it does, when/how it got installed, and who installed it & for what purpose.

If anyone else has this in their iOS device please do respond if you’re so inclined.
It's on an iPhone X running 16.3.1. I have never had any remote screen sharing with Apple support or any other interaction with Apple where they had access to the device..
 
This has been a thing for years. Once my phone downloaded a .1 update without installing it and the thing was more than 1GB. But because it was buggy Apple pushed out another one. So I just deleted the item and make the phone download the new update and then install it. That's what it is. No drama.
 
Thank you very much for the response. It’s further odd that the item is 40MB on my device yet only 82 kB on yours — exactly what iOS device model did you find this on? And what version of iOS is it currently running?

So… have you ever had a support call with Apple Support where they activated remote screen sharing on your phone so they could see your screen to help diagnose a problem? If not, then my rudimentary theory that this could be some type of Apple Support screen sharing bundle is wrong.

So far this has been found on two devices then… it’s not on any of my other 5 devices, so whatever it is, it’s rare. I am leaning towards it being the result of a hack. I’m now going to file an incident to Apple’s security reporting process. It’s not going to hurt, it’s reasonable under these circumstances, and it will plug a major security hole if indeed it’s not of Apple’s doing but Earhart it’s a hack. Either way it’ll go a long war towards determining what this thing is.

I’d like to know exactly what the hell it is, what it does, when/how it got installed, and who installed it & for what purpose.

If anyone else has this in their iOS device please do respond if you’re so inclined.
After installing 16.4, the lingering 84kb software update is gone from my storage list..
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.