iVerify (iOS Device Scanning Tool)

iVerify has been developed by Trail of bits, which is a well-reputed cybersecurity company that has themselves audited lots of widely used software. More info can be seen at iVerify for Consumers | Security App for iPhone and Android

Compared to existing tools out there, this seems to be the first that works as a normal sandboxed app without requiring MDM.

EDIT 10/21: This FAQ describes the app’s functionality in greater depth: iVerify | Frequently Asked Questions

I doubr this does more then enabling lockdown mode. Apple also informs you if you have been targeted. So what is this doing that ios does not?

it basically has a bunch of guides to actually enable/disable settings
as well as some general advice/tutorials from what I understand

there is a similar, less iOS specific/more general app called Umbrella, not sure what state it is in these days.

This FAQ describes the app’s functionality in greater depth: iVerify | Frequently Asked Questions

It could be interesting? Though I’d prefer that it ask the user before transmitting.

What information does iVerify collect?

We collect as little data as needed. The standalone iVerify app for iOS collects only:

Threat detection results
iVerify application crash reports (if a crash occurs)

When a potential compromise is detected, we collect data necessary to better understand it. This data consists of:

iOS version
Device model
iVerify application version
Cellular carrier and WiFi status
IP address
Battery level and charging state
An iVerify-specific device ID

The provided data is anonymous and transmitted to an iVerify server over a secure connection. The data is retained for 30 days.

Is the app open source, if not, have they publicly explained/justified why not?

especially considering it is a paid app, you’d expect it to be opt-in.

proprietary, something something security by obscurity

It’s not open source and they don’t seem to say why. You could probably email them about it. FWIW, the product came from trail of bits which has a very solid reputation and open source != private or secure.

they do zilch to elaborate what it really does, it is actually a stark difference from their reputation

1 Like

The FAQ says what it does but I agree it could be written in greater depth for those who are interested in more technical details.

It would be interesting to see what a ToB employee says about it. Could we reach out on Twitter to see if they can clarify our understanding of iVerify?

I will just say that I and most iOS users I know do have iVerify installed. At the very least it does notify me about updates much quicker than the system does, and the reboot reminders are handy.

I never put it on the site because it isn’t open-source, and they don’t really explain how it works to detect spyware. Many many security researchers claim it does work (without further explanation), which is good enough for me to use it, but not good enough for me to just repeat those claims to others, so I don’t know how I feel about this listing :thinking:


Why do you think that is? That seems fairly unusual.

Well, you can test that it does work to detect jailbreaks yourself with any available jailbreaking tool for your device. And it does detect standard run-of-the-mill jailbreaks, which has some utility, but it’s nothing like any sort of full-system scan. Obviously it can only detect indicators of compromise from within the iOS app sandbox, so its utility is going to be limited over an external tool.

I would probably be more interested in eventually writing a post on MVT, if we want to talk about mobile malware detection.

I think many beginners would benefit from the guides provided in the iVerify app and this is Privacy Guides after all. Maybe just put a disclaimer regarding the lack of info surrounding the implementation of their detection mechanism.

I never heard of it that’s why I am quite surprised. Do you know how it compares to Jamf?
Jamf is what I know to be doing just what you say. It actually was one of the first solutions that could detect and respond to Pegasus.

Well Jamf is an MDM, and my understanding is that Jamf Protect stops Pegasus spyware at the network level. iVerify doesn’t scan network traffic.

iVerify looks for indicators of compromise locally by checking if certain files exist that shouldn’t, checking if certain URL handlers are installed (checking whether the phone knows how to handle Cydia links, for example), etc.

I don’t think Jamf is doing the same thing, but I’m not sure. Jamf isn’t typically available to individuals either though.

Jamf is much more than just an MDM but sure that’s the core product indeed. But they also offer endpoint protection for MacOS and iOS see: Endpoint protection and Apple security

This is realtime scanning solution and security advisory. It seems to be much like iVerify.

I do think it is indeed enterprise only. Didn’t think about that.

Maybe? All the descriptions I’m seeing describe Jamf Executive Threat Protection as a VPN, I can’t find anything in their marketing or documentation that suggests they’re doing the same thing as iVerify :man_shrugging:

I do see some third-party articles say it also does things like system log scanning/analysis, so it probably in part does do the same thing as iVerify, yeah.

1 Like

which is good enough for me to use it, but not good enough for me to just repeat those claims to others,

@jonah, I have followed you on and off for awhile now and if there’s something like this you are using I would appreciate knowing about it. Even if it’s not worthy for PG, maybe you consider a blog post somewhere unaffiliated.

For reboot reminders, my test iDevice has a shortcut set to run every X interval to prompt me for a reboot.