I have received an iPhone 11 running iOS 13.5 that has unexplained usage, i.e., I can see that while the phone was with me for the past 24 hours, Screen Time records show intense activity, even at midnight when no one has access to the phone. These activities include social media apps and iMessage.
It is suspected that the phone has spyware installed on it.
Any way to clear out this suspicion?
Thanks
Can you provide more detail?
I.e., based on your description, it's not clear if the phone is on, connected to network/Wi-Fi, etc.
If it was on and connected to network/Wi-Fi, could this simply be a result of activity on their accounts from another device being synced to this one?
iPhone spyware does not survive a turn-off of the device (reboot). Just do a reboot and recheck.
Maybe an application is doing a lot of pings to a server.
Why should he reboot to test things?
If he reboots the iPhone—and if he's right about spyware being on the iPhone; and if you are also right about spyware in iPhones not surviving a reboot—then he might lose the spyware and might struggle to find traces of it. Unfortunately, this outcome—which can result from different variables—is too ambiguous to clear out his suspicions about spyware being there or not.
Could be a defective digitizer.
Yes. So this isn't a forensic case, it's a matter of expert opinion. The phone has cellular data and the phone is on. So you are suggesting that maybe the person is accessing through iCloud, but the person confirms he does not use this account from other devices. So maybe someone else has access to the iCloud credentials?
Interesting, never knew that! Are you certain that spyware on iPhone does not survive a reboot?
How come? Any technical explanation for that?
Yes, and it would be interesting if someone has a framework on how to deal with such a scenario!
@cs1337 I'm certain it's not the digitizer; Screen Time will not record activity upon digitizer malfunction.
Do you have access to Cellebrite? You can image the device and run the malware scanner, which will use the Bitdefender definition file. I believe it would be better if you can get a checkm8 extraction if compatible, but I see you don't want to reboot the device.
Do you see any remote control apps like TeamViewer or AnyDesk installed?