What are the Apple threat notifications?
On 10 April 2024, Apple sent threat notifications to users of iPhones in 92 countries. According to Tech Crunch, the warning text read:
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-
“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
Apple has been sending threat notifications such as these since 2021. The last round of notifications came in October 2023.
What is spyware?
Spyware is a type of malicious software used for surveillance purposes. It interferes with a device’s normal operation to secretly collect information without alerting the user. Data collected by the spyware is then sent to an unauthorised entity, which in many cases can be a government operator of the spyware. Spyware can target any connected device: phones, computers and other devices that connect to the internet.
Highly invasive spyware allows unlimited access to a device by default. It leaves little to no trace, so for the user it’s almost impossible to know that they have been compromised without such notifications or detailed forensic analysis.
Amnesty International campaigns for a ban on highly invasive spyware and a global moratorium – a halt on the sale, transfer, and use of surveillance technology – until there is a proper human rights regulatory framework in place that protects people from the misuse of these tools.
Does a threat notification mean that a device is infected with spyware?
An Apple threat notification is a very strong indication that a device is being targeted with advanced spyware. Following previous rounds of Apple notifications, Amnesty International’s Security Lab, and other civil society groups such as Access Now and Citizen Lab, have conducted forensics tests with individuals who have received such notifications. In many cases these forensic checks have confirmed that the devices of people who had received the notifications were indeed targeted and compromised with advanced spyware.
These forensics tests have confirmed cases of the use of highly invasive spyware, such as Pegasus, and other spyware, against individuals in countries including India, Serbia, Jordan and Armenia.
It is worth noting that a threat notification means that Apple believes an attempt has been made to compromise the device. It does not necessarily mean an attacker has succeeded in implanting spyware on the device. Only a forensic analysis can confirm if a device was indeed compromised.
I received an Apple threat notification – what should I do?
Amnesty International’s Security Lab offers digital forensic support to at-risk human rights defenders, activists, journalists and members of civil society.
If you are a member of civil society, and you have received an Apple notification, you can contact us and request forensic support using our Get Help form.
The Access Now Helpline and other Security Lab civil society partners are also equipped to support individuals who have received these Apple notifications.
I didn’t receive an Apple threat notification, but I am still worried. What should I do?
If you have not received an Apple notification, but have other reasons to believe your Apple device may be targeted by spyware or other digital threats, you can enable Lockdown Mode for additional protection. You can also still contact the Security Lab using the form above.
The Security Lab is not in a position to provide general digital security trainings or technical support. Due to the volume of requests, we may be unable to respond to requests which are not clearly from civil society.
Top image of hand holding phone © Colin Foo