-
I've recently noticed that my devices battery life and data limit has been draining at a higher rate than normal.
-
Furthermore, upon a little further investigation, it seems a number of photos have been deleted that I do not remember removing.
-
I also noticed a disney plus profile added to my keychain (a service I do not use).
-
I pulled the logs multiple times and did not see the lines I'm interested in occurring during the first few attempts. Which apps or services might generate them?
I don't have any real reason to think someone would hack my device as I don't keep any real sensitive info on it and I do not do any banking or financial activity on it. Out of curiosity though, I took the time to take a look at the system log and see if I could pinpoint any odd activity. These are the ones I found peculiar. Is something wrong with my iPhone ?
dams-iPhone locationd[60] <Notice>: {"msg":"got location notification", "subHarvester":"Avenger"}
Jan 12 14:04:11 Adams-iPhone locationd[60] <Notice>: {"msg":"updateOperationalModeIfNecessary", "fIsAllowedToUseBest":1, "fCurrentTimeOffsetThreshold":"45.000000", "subHarvester":"Avenger"}
Jan 12 14:04:11 Adams-iPhone locationd[60] <Notice>: {"msg":"tried to harvest an empty pass cache", "subHarvester":"Pass"}
Jan 12 14:04:11 Adams-iPhone locationd(TrackingAvoidance)[60] <Notice>: <private>
Jan 12 14:04:11 Adams-iPhone locationd(PersistentConnection)[60] <Notice>: Cancelling scheduled wake for <private> wake identifier <private>
Jan 12 14:04:11 Adams-iPhone wifid(CoreLocation)[42] <Notice>: {"msg":"delivering locations to client's delegate", "self":"0x111d182c0", "delegate":"0x111e12f70"}
Jan 12 14:04:11 Adams-iPhone kernel[0] <Notice>: PMRD: setAggressiveness(0) kPMMinutesToSleep = 2147483647
Jan 12 14:04:11 Adams-iPhone kernel[0] <Notice>: PMRD: aggressiveness changed: system 0->2147483647, display 10
~iceActivityPolicy, policyWeight: 10.000, response: {Decision: Can Proceed, Score: 0.75}}
] sumScores:40.020000, denominator:42.520000, FinalDecision: Can Proceed FinalScore: 0.941204}
Jan 12 14:04:18 Adams-iPhone healthd(libxpc.dylib)[34] <Notice>: __XPC_ACTIVITY_CALLING_HANDLER__: <private>, current state 2, pending state 0
Jan 12 14:04:18 Adams-iPhone nearbyd(libxpc.dylib)[1822] <Notice>: _xpc_activity_dispatch: beginning dispatch, activity name <private>, seqno 1
Jan 12 14:04:18 Adams-iPhone maild(libxpc.dylib)[220] <Notice>: _xpc_activity_dispatch: beginning dispatch, activity name <private>, seqno 2
Jan 12 14:04:18 Adams-iPhone nearbyd(libxpc.dylib)[1822] <Notice>: _xpc_activity_dispatch: <private>: found a activity with matching seqno 1
Jan 12 14:04:18 Adams-iPhone maild(libxpc.dylib)[220] <Notice>: _xpc_activity_dispatch: <private>: found a activity with matching seqno 2
Jan 12 14:04:18 Adams-iPhone nearbyd(libxpc.dylib)[1822] <Notice>: _xpc_activity_dispatch: lower half, activity name <private>, seqno from top half was 1
Jan 12 14:04:18 Adams-iPhone maild(libxpc.dylib)[220] <Notice>: _xpc_activity_dispatch: lower half, activity name <private>, seqno from top half was 2
Jan 12 14:04:18 Adams-iPhone healthd(HealthDaemon)[34] <Notice>: com.apple.healthd.periodic-data-collection fired with activity <xpc object>
Jan 12 14:04:18 Adams-iPhone nearbyd(libxpc.dylib)[1822] <Notice>: _xpc_activity_set_state: <private>, 2
Jan 12 14:04:18 Adams-iPhone UserEventAgent(com.apple.cts)[24] <Notice>: Running XPC Activity (PID 1822): <private>
Jan 12 14:04:18 Adams-iPhone UserEventAgent(DuetActivityScheduler)[24] <Notice>: STARTING: <private>
Jan 12 14:04:18 Adams-iPhone UserEventAgent(DuetActivityScheduler)[24] <Notice>: Establish daemon connection; interrupted: 0
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: STARTING activity com.apple.Proximity.LogPowerStatistics:E76C24 <private>!
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: With <private> ...Tasks running in group [com.apple.dasd.default] are 2!
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: Not tracking activity: <private>
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: Unconstrained Available=1
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: com.apple.mobilemail.powernapFetches:A802CB:[
{name: DeviceActivityPolicy, policyWeight: 20.000, response: {Decision: Can Proceed, Score: 0.75}}
] sumScores:69.030000, denominator:74.030000, FinalDecision: Can Proceed FinalScore: 0.932460}
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: com.apple.Proximity.LogPowerStatistics:E76C24:[
{name: DeviceActivityPolicy, policyWeight: 10.000, response: {Decision: Can Proceed, Score: 0.75}}
{name: MemoryPressurePolicy, policyWeight: 5.000, response: {Decision: Can Proceed, Score: 0.50, Rationale: [{[memoryPressure]: Required:2.00, Observed:1.00},]}}
] sumScores:35.520000, denominator:40.520000, FinalDecision: Can Proceed FinalScore: 0.876604}
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: com.apple.healthd.periodic-data-collection:A10413:[
{name: DeviceActivityPolicy, policyWeight: 10.000, response: {Decision: Can Proceed, Score: 0.75}}
] sumScores:40.020000, denominator:42.520000, FinalDecision: Can Proceed FinalScore: 0.941204}
Jan 12 14:04:18 Adams-iPhone nearbyd(libxpc.dylib)[1822] <Notice>: __XPC_ACTIVITY_CALLING_HANDLER__: <private>, current state 2, pending state 0
Jan 12 14:04:18 Adams-iPhone nearbyd[1822] <Notice>: PRXPCActivityManager state: <private>
Jan 12 14:04:18 Adams-iPhone nearbyd[1822] <Notice>: running activity with identifier: <private>
Jan 12 14:04:18 Adams-iPhone nearbyd[1822] <Error>: Tried to send command to rose, but not ready for comms.
Jan 12 14:04:18 Adams-iPhone nearbyd[1822] <Error>: Rose returned error. Command type: <private>
Jan 12 14:04:18 Adams-iPhone nearbyd[1822] <Error>: Unexpected outputBuffer size (<private>) for AOPRoseError (<private>)
Jan 12 14:04:18 Adams-iPhone nearbyd[1822] <Error>: failed to fetch power stats during activity
Jan 12 14:04:18 Adams-iPhone nearbyd(libxpc.dylib)[1822] <Notice>: _xpc_activity_set_state: <private>, 5
Jan 12 14:04:18 Adams-iPhone UserEventAgent(com.apple.cts)[24] <Notice>: Completed XPC Activity: com.apple.Proximity.LogPowerStatistics
Jan 12 14:04:18 Adams-iPhone UserEventAgent(DuetActivityScheduler)[24] <Notice>: Establish daemon connection; interrupted: 0
Jan 12 14:04:18 Adams-iPhone UserEventAgent(DuetActivityScheduler)[24] <Notice>: Establish daemon connection; interrupted: 0
Jan 12 14:04:18 Adams-iPhone UserEventAgent(com.apple.cts)[24] <Notice>: Rescheduling XPC Activity: com.apple.Proximity.LogPowerStatistics
Jan 12 14:04:18 Adams-iPhone UserEventAgent(DuetActivityScheduler)[24] <Notice>: SUBMITTING: <private>
Jan 12 14:04:18 Adams-iPhone UserEventAgent(DuetActivityScheduler)[24] <Notice>: Establish daemon connection; interrupted: 0
Jan 12 14:04:18 Adams-iPhone dasd(DuetActivitySchedulerDaemon)[126] <Notice>: COMPLETED com.apple.Proximity.LogPowerStatistics:E76C24 at priority 30 <private>
```
Best Answer
The log snippets you have included contain no evidence of hacking.
The observations you have are some that would most likely come with normal use of the phone.
All in all, there's nothing specific that indicates any form of hacking. I would say that it is very (!) unlikely that your phone has been hacked.