https://www.iverify.io/post/iverify-basic-is-now-on-android
iVerify Basic is now available on Android! They’ve also updated the iOS app.
It does seem, however, that it no longer continuously scans the device checking for compromise or iOS updates. It looks like that is an organisation-only feature now. You can run a “basic scan” though. So I imagine that you won’t be notified of an iOS update unless you run the scan.
Thank you Jonah! The preview didn’t work. I was about to edit the title but you beat me to it.
It doesn’t appear that any functionality has changed on iOS, just a UI overhaul. The existing lock screen and home screen widgets which display the check statuses are still the same, and threat detection, iOS update available, and reboot reminder notifications are all still in the same place in settings.
I guess I’ll see whether I get notified next time an iOS update comes out, since that’s usually where I hear about them first.
Edit: the in-app FAQ still says checks are run every 10 minutes.
Edit 2: not true
Yeah, I wasn’t sure. It just that the “Device Health” at the bottom didn’t appear until after I ran the “Basic Scan”. Well, it disappeared after I rebooted my iPhone and said that the device hasn’t been scanned yet. When I did scan it, it showed up.
It said that before the update too. I’d imagine they would have changed that if it did change. I guess we’ll see when the next iOS update comes out.
Edit: quitting the app also gets rid of the “Device Health” on the main screen until you tap “Run Basic Scan”. And it says “Device not scanned” under “Protection Measures”. They did say that opening the app would force a scan before this update.
I’m not thrilled by these changes still. I emailed them to clarify what’s changed.
Following, is there any “native” solution similar to iVerify but Android only?
Hypatia is mentioned on Privacy Guides here. Not sure what its capabilities are exactly compared to iVerify.
@anon59474973
Hypatia can scan all available system files, shared files, and app content (not data).
The signatures it matches against are from dozens of sources and highly optimized into a bloom filter for local processing.
It has 7.2 million signatures by default and an opt-in extended database with another 41 million.
Stats here: https://divested.dev/MalwareScannerSignatures/
Today’s update, which I just released a few minutes ago, can even now scan screen content and alert on malicious domains.
Lastly, it is free as in money and as in freedom via GPL-3.0.
Good to know! Thank you. I had a look after posting that reply and saw that it is more of a anti-malware scanner. Different to iVerify as Apple doesn’t allow an app to look around too much.
I wonder if iVerify on Android would be much different to iOS? I’m also wondering how their smishing protection will work considering iOS doesn’t allow apps to access SMS messages.
Good for phishing and browsing! hope to see something for smishing in the future.
So iVerify does smishing protection by verifying the number of the sender with the official one?
For guides and recommendations we have PG, don’t need iVerify for that.
Bad news (plus maybe good news):
Hi Jonah —
Thanks for the questions!
You’re correct, device scanning on iVerify Basic is now on-demand rather than automatic (which is now an enterprise feature) and although spyware isn’t something our consumer users cite as a top concern, the scans will still look for relevant IOCs – now with the added advanced forensic capabilities of threat hunting (a functionality that was previously only available to enterprise customers).
Let me know if you have any other questions.
Melanie
/for iVerify
I don’t know what “threat hunting” entails exactly yet.
Most based anti-malware, I have been running it on my device for some time.
Really wonder why tho. Not great that they just kill features you pay for (not much)
Note that existing users paid more for it than new users are now.
Yeah this seems pretty unethical then. I can understand if lots of compute was used on their end for automatic scans, but it would be better to communicate this with consumers before making such major changes. Any new recommendations for iOS?
That’s really unfortunate. It makes their iOS update notification less useful as I can just check that manually myself in Settings. I’ll still keep it as that is the only way you can force Safari to use HTTPS and block HTTP connections. At least it still notifies you to reboot your device.
I wonder why continuous scanning has to be an enterprise feature? Carey Parker did interview the two founders of iVerify a while ago and they did say that the consumer app would become a subscription, but I didn’t think they meant like this. Definitely a lot less useful for non-enterprise users now.
Edit: It also looks like they removed their DNS-over-HTTPS feature. You can no longer choose Quad9, Google or Cloudflare. That option doesn’t exist anymore. They did keep their Secured Browsing feature though.
I don’t believe there are many other options for iOS. It’s too lockdown for apps like Hypatia, and another app similar to iVerify did exist many years ago but Apple removed it from the App Store because it was looking around too much. iVerify did have some trouble too because they recommended apps, which is prohibited on the App Store, so they had to make it link to a page on their website to recommend the apps and then Apple approved it.
You do have Certo but I don’t know much about them. All Things Secured did make a video on spyware and Certo AntiSpy did show him how to remove it. They do also have a mobile app called “Certo Mobile Security” but I’ve never used it. I had quick look on the App Store and there is a “Check Now” button on the pictures, so I assume it’s like iVerify now and is only an on-demand scanner.
I think it will still tell you about iOS updates automatically, but I’ll double check.
Consumers can request an advanced forensic analysis from iVerify every 90 days.
The way this works is that it has you run an iOS Diagnostic (sysdiagnose), then send it to iVerify for analysis:
When you upload the file it asks you for an email so they can contact you if they “find something suspicious.” It also gives you the option to not receive a notification, but I’m not sure what the point of that is. Maybe the notification will also show up in the iVerify app either way?
It immediately provides results with no further details:
Anyways, this is probably more thorough than the regular scans? So that is cool, but it doesn’t seem like they’ve shared what the threat hunt actually looks for, so it’s kind of hard to make any sort of assessment.
I’m curious about that too.
I haven’t installed the latest iOs on my iPad yet, but the latest version of the app.
The widget of the app shows the yellow warning sign and Fixes needed.
But when I open iVerify, it only shows me Device not scanned and the green shield icon for Protection Measures.
Only when I have scanned it shows me Fixes Required: Update Device.
If I now close the app completely and open it again, the warning is gone again until I have done a new scan.
