Tech Friend: If I use Apple devices, should I stick to Apple apps?

Phone with messaging app speech bubbles.

Tech Friend is our advice column covering cybersecurity, privacy, and everyday technology. Email your question to techfriend@expressvpn.com. If you have questions about your ExpressVPN subscription or need troubleshooting help, please contact Support.


Apple apps vs. the rest

For Apple users, is there a reason to use third-party software instead of Apple’s own apps? For example, Signal vs. iMessage, ProtonMail vs. iCloud Mail, or Brave vs. Safari. It seems Apple provides similar privacy features for their services.

Submitted by: Blizzard

Apple has cultivated a privacy-friendly image, and its devices come with all the basic services you need. Sure, you might prefer other apps based on the specific features or user experience they offer. But from a pure privacy perspective, there are also reasons to explore non-Apple services—and those reasons vary based on the type of service at hand.

Messaging apps

For messaging services, the main consideration is cross-platform privacy. Tailor-made for Apple devices, iMessage offers strong privacy protections when used between Apple devices, but those protections are significantly downgraded if you’re communicating with someone on Android. When sent between Apple devices, messages are end-to-end encrypted—safe from prying eyes, including Apple’s. But messages sent to Android phones default to SMS. Although Android supports RCS messaging, a standard with the same features and privacy benefits as iMessage, Apple has no plans to support RCS, meaning texts between iPhone and Android will not be as secure as they could be. 

As there is no way to ensure everyone you communicate with exclusively uses Apple devices, Signal offers a privacy advantage, using end-to-end message encryption. Read our post on WhatsApp vs. Signal for an in-depth look at Signal’s privacy benefits that go beyond end-to-end encryption.

Another traditional disadvantage with using iMessage has to do with your backups. Your iMessage backups are automatically stored in iCloud, but these backups have not been encrypted. With Signal, backups are encrypted and stored on your device. Now that Apple is finally adding end-to-end encryption to iCloud backups with the release of iOS 16.2, the situation is improving, but it’s still a setting you need to enable, so Signal remains the safer bet.

Read more: The best messaging apps for privacy and security

Browsers

With browsers, one aspect to look at is whether the software is open source. 

Safari has decent privacy features. It can block trackers and run tabs in sandboxes, which helps prevent the spread of malicious code. But some parts of Safari are closed source. This means there’s a lack of transparency, and we have to trust Apple to respect user privacy and security. Apple was also exposed for its involvement in the NSA’s PRISM program, in which the U.S. government gained access to data. Though this was admittedly nearly a decade ago, it might give some people pause. 

Like Safari, a privacy-focused browser like Brave can block trackers and ads natively and protects your data from third parties by running analytics on the device. Based on the Chromium source code (the same code that runs Chrome), Brave is open source. Brave also lets you use Tor. Other browsers that have a privacy focus include Firefox, Tor Browser, and the upstart Neeva.

Email

When it comes to email, the factor to consider is strength of encryption—i.e., how hard it is for a third party to read your emails. Like many popular email services, iCloud Mail does not offer end-to-end encryption for emails. This means Apple has access to your emails.

ProtonMail, perhaps the most respected privacy-focused email service, is a rare service that offers end-to-end encryption. Emails are encrypted on the sender’s device and decrypted on the recipient’s device. However, it only works this way if both parties are using ProtonMail or another E2EE email service. If your recipient does not use ProtonMail, you can require them to have a password to open the email. 


Risk of malicious apps

Can a cybercriminal use malware to install hidden apps on my iPhone, even if it’s not jailbroken? How do I detect malware or viruses on my phone?

Submitted by: Anonymous

Apple only permits iPhone users to download apps from its App Store, which has a stringent vetting process to ensure the apps are safe. Anyone wanting to install apps from outside of the App Store can “jailbreak” their iPhone, making an unauthorized modification to the operating system. While this gives you more freedom to use different apps, jailbreaking also increases security risks on the device, because you might weaken security features and also because you lose Apple’s screening of the apps.

So does this mean as long as you don’t jailbreak your iPhone, you don’t have to worry about an attacker installing malicious apps?

It’s extremely unlikely for a non-jailbroken phone to have malicious apps installed, so you don’t generally have to worry about that—but a non-jailbroken phone isn’t 100% safe. Attacks on Apple devices tend to come in the form of links in browsers, rather than apps, and these viruses might infect your operating system, allowing someone to spy on you. These types of attacks rely on zero-day vulnerabilities and phishing, with which you’re tricked into performing an action like clicking a link, which gives attackers access to your device. 

It’s not always obvious if your phone is infected. Signs include:

  • Your device is experiencing a decrease in performance
  • New programs and features appear at random
  • Unexplained increase in data usage
  • An inability to access programs or files

Read more: How to know if your phone has a virus

If your phone is infected by malware or a virus, often the best solution is to perform a factory reset of your device. This reverts it back to its original state when you bought it. But if you have indeed been targeted by some of the most sophisticated malware that you can’t get rid of—such as Pegasus or Predator spyware, which we’ve covered in the past—the last-resort solution would be to get a new device.


Intervention in online abuse

If someone using a VPN is sending inappropriate messages or abusive content, how would the VPN provider stop this from happening, assuming no records are kept?

Submitted by: Duncan

The VPN provider would not stop this from happening. If no user records are kept, it’s simply unfeasible. If it’s a less-reputable VPN company with which records are kept, it’s also unlikely the VPN provider would step in, as it’s not their role to address such matters.

Speaking for ourselves only, ExpressVPN cannot stop anyone from sending a certain type of message while using our service, as we do not know what you use a VPN for. We have a strict policy of not collecting activity logs, and we don’t collect user information like IP addresses, browsing history, traffic destination, metadata, and DNS queries. The minimal information we do collect is outlined in our Privacy Policy, but it’s not enough to enable us or anyone else to match an individual to specific network activity or behavior. 

Phone protected by ExpressVPN.
Protect your privacy with the best VPN

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Answering your online privacy, cybersecurity, and other everyday technology questions.