iPhones are generally considered the Fort Knox of smartphones. A closed system, strict app store guidelines, and fast updates – anyone who owns an iPhone usually feels like they’re on the safe side. But, as is so often the case, appearances can be deceiving.

The reality is more nuanced: Apple has done a lot of things right, no question. But that doesn’t mean iOS is immune to threats. Quite the opposite: New legal requirements, sophisticated scams , and technical tricks mean that iPhone users should also remain vigilant.

In this article, we take a look at current threats for iOS users, show why the security situation is changing – and what concrete measures can be taken.

The protected apple: Why iPhones are fundamentally secure

Apple has pursued a no-compromise security strategy for years. This starts with the hardware – with its own security chip – and extends to a clear app store policy. Apps undergo extensive testing before they are even approved for download. Additionally, features like Face ID, end-to-end encryption, containerization (the separation of app data), and regular updates ensure that the attack surface remains smaller than on many Android devices.

But no system is perfect. And this is where things get interesting.

EU Digital Markets Act: More freedom, more risk

A major change is coming from Brussels: The Digital Markets Act (DMA) forces Apple to open its platform in Europe. Apps will be allowed to be offered outside of the App Store in the future . Browser manufacturers will be allowed to use their own engines, and developers will have access to previously closed interfaces.

What sounds like more freedom of choice from the consumer’s perspective brings new risks from a security perspective:

• Alternative app stores : These may have less stringent security controls. In the worst case, users download malware instead of apps.
• Own browser engines : Hackers are finding new attack possibilities that Apple’s own WebKit browser has so far prevented.
• More interface access: Developers could in future obtain sensitive data such as Wi-Fi names, message content, or one-time codes. Anyone who possesses these could theoretically use them for tracking or misuse.

In short: more openness does not automatically mean more security, on the contrary.

Current dangers: Where iPhone users really need to be careful today

In addition to regulatory changes, there are a number of very specific threats that iPhone users face in everyday life, often without even realizing it:

1. Jailbreaking: Freedom with fatal consequences

Jailbreaking allows you to open the iPhone to apps and features that Apple doesn’t normally allow. While this sounds tempting to tinkerers, it’s actually a security nightmare. Important protection mechanisms like Secure Boot and Data Execution Prevention are disabled. Furthermore, there are no more updates, but security vulnerabilities remain unfixed. Apple blocks updates for jailbroken iPhones due to its own security and system integrity policies.

2. Fake apps in the App Store: No absolute security

Apple reviews every app before it hits the store. But mistakes happen here too . Recently, security experts like ESET researcher Lukas Stefanko discovered several fake apps. Among them was a manipulated version of the password manager LastPass that stole login credentials. Also among the malicious apps discovered: a malware called SparkCat , hidden in seemingly harmless AI or delivery apps, and a fake crypto wallet called Rabby Wallet & Crypto Solution .

3. Downloads via websites: The underestimated danger

So-called Progressive Web Apps (PWAs) allow apps to be installed directly through the browser. This happens without going through the app store and without explicit consent. This feature is increasingly being exploited by cybercriminals. For example, ESET discovered banking malware disguised as a legitimate financial app and used precisely this method.

4. Phishing & Social Engineering: Attack on your attention

Phishing has long since become more limited to email. iOS users receive fake SMS, iMessages, or even FaceTime calls. They claim to be from Apple Support or partners. However, behind them lie sophisticated schemes to steal Apple IDs.

In a particularly perfidious case , attackers tricked users into installing an MDM (Mobile Device Management) profile. This allowed hackers to gain full access to the device and install the GoldPickaxe spyware.

5. Public Wi-Fi: The classic risk

A free Wi-Fi connection at a café connects quickly and can be compromised just as easily. Many networks lack encryption, while others are fake hotspots created by attackers. As soon as a user connects, data such as passwords or credit card numbers can be intercepted.

Solution: Use a VPN , always. And never do online banking or sensitive logins while on the go.

6. Zero-day vulnerabilities: The invisible danger

Even with Apple’s high level of security, vulnerabilities sometimes creep in. Apple typically delivers security patches for these within a short time. These should be installed as soon as possible. Otherwise, dangerous cyberattacks threaten. In 2023, for example, Apple had to close a vulnerability that allowed information to be retrieved from locked devices via Siri.

Even more dangerous are so-called zero-days. These are unknown vulnerabilities that are deliberately exploited by hackers or even surveillance companies. Popular targets include journalists and activists.

Stay safe: These measures are really worth it

Fortunately, there are simple steps you can take to effectively protect yourself against most threats:

• Update iOS & apps regularly
• Use strong passwords, e.g., with the ESET Password Manager
• Activate Face ID or Touch ID and combine it with a secure code
• Never jailbreak
• Recognize phishing signs based on spelling mistakes, urgency, “special offers,” and incorrect sender addresses
• Only use public Wi-Fi with a VPN
• Use only the official Apple App Store
• Activate blocking mode if you could be the target of focused attacks
• Take warning signs seriously: new apps, increased data usage, pop-ups, overheating

Conclusion: iPhones are safe, but vigilance remains a must

Apple offers an excellent security foundation. But it doesn’t protect against all threats. Precisely because iPhones are so popular, they’re increasingly becoming a target for attackers. Those who use their devices responsibly, update regularly, and remain vigilant can significantly reduce the risk.