In the past, a common view was that if iOS devices were not jailbroken, malware could only be installed through Apple’s official market. The strict review of the official market can prevent users from being exposed to virus threats. In general, this statement is not wrong.
However, the official application market is not the only channel through which Apple mobile phone users can download software. Some exceptions exist. To understand these relatively rare exceptions, we need to start with iOS software certificates.
Application software on the iOS platform uses three types of certificates:
1. Ordinary certificate: The software is signed by the software developer and released to the official market, and users download it from the official application market on an iPhone or iPad. Obviously, as a software company's range of products keeps growing, managing and using ordinary certificates becomes more troublesome, which slows developers' software releases and also increases the risk of certificate loss. This is why there are company certificates for professional developer teams.
2. Company certificate: Multiple developer teams use the certificate to publish different apps to the official market, and iPhone and iPad users still download the apps from Apple's official market.
3. Enterprise certificate: Not everyone obtains software through public Internet channels. Some enterprises and organizations need specially customized software for internal use only, and developers may install unreleased internal versions on the corporate intranet in order to debug a program. In these cases it is more convenient to self-sign with an enterprise certificate. The enterprise certificate is in the trust list of the iOS system, and the system allows this software to run on iOS devices.
However, once software self-signed with an enterprise certificate spreads beyond the enterprise, a third-party market appears outside Apple's official market. Software self-signed with an enterprise certificate can be installed on an iPhone or iPad without jailbreaking.
Abuse of enterprise certificates will lead to the spread of viruses and Trojans. Before the WireLurker virus spread, a security vendor abused an enterprise certificate to distribute software and had that enterprise certificate revoked by Apple. Apps signed with this certificate became unusable and the company's products were removed from the shelves for up to a year.
Therefore, after the WireLurker virus was disclosed by PAN (Palo Alto Networks), Apple immediately blocked the enterprise certificate used by the WireLurker virus.
Conclusions and suggestions:
1. Because iOS devices have a single channel for downloading and installing software, it has always been difficult for malicious programs to spread. Users of iPhone and iPad don’t have to worry too much about security issues.
2. iPhone and iPad users should try not to jailbreak unless necessary. After jailbreaking, software download channels and security are really out of control.
3. Software development companies should strengthen certificate management. Once they abuse certificates to distribute software, they will be blacklisted by Apple, and the consequences will be very serious. For example, as mentioned earlier, there was a case of abusing enterprise certificates and Apple blocked the software and removed it from the shelves for a year. Developers should learn lessons and avoid making the same mistakes again.
4. Install anti-virus software on your computer to cut off the possibility of spreading viruses from your computer to your mobile device.