Tell me that I haven’t been Hacked

Looks like a portion of a crash dump that has been encoded into a structured format – probably with the idea that the people for whom the analytics is meant will feed the text into a tool that understands this format.

I'm sorry, but you are the one who bears the burden of proving that you have been "hacked."

If you are being "hacked" by a determined adversary who has the skills and resources that it would likely require to pull that off, you need more help than you are likely to be able to get for free in a public forum. That sort of help is likely to be very expensive as you will be paying extremely qualified people (who command high salaries) to spend lots of time, and even then, if your adversary is someone like, say, the successor agency to the KGB, the hack may be so subtle and hard to detect that the people you hire will take a long time to find it – IF they do find it.

If you are a person "of interest" to very-well-financed adversaries, and you are paranoid about security, then maybe you would be interested in the following features:

About Lockdown Mode - Apple Support

How to turn on Advanced Data Protection for iCloud - Apple Support

[Edited by Moderator]

hackerkiller wrote:

Phones been in lockdown mode and it has been somewhat beneficial, along with screen time restrictions and blocking some websites. I’m clearly not as worried about the security as I am learning about what is happening and if possible, why. I feel no need to doxx myself to anyone here, as imho it shouldn’t matter who I am or what I’m worth. It should matter that I’m a customer and belong to the community. I’ll also say this for what it’s worth-a personal vendetta is often done out of spite, and to the detriment of the perpetrator; not necessarily for a particular gain other than seeing the victim be a victim. Not saying I’m sure this is the case, but it’s what it feels like. I appreciate the humor and the response…

This thread will unfortunately fail to achieve your stated goal of obtaining help with a reported hack.

Why will this thread and this approach fail to achieve your goal? In no particular order:

• You’re evading answering direct questions. That’s your choice certainly, but that info factors into the discussion. And posting personal info is, as you comment, a bad idea.

• You’re seeking data forensics help for exploit tooling worth millions of dollars, and that help via an anonymous forum. Forensics inherently involves direct device access, and involves asking some very personal questions. And the report preferably involves some background information on your risks, and preferably also either supporting or at least some strong circumstantial evidence of being a target.

• The supporting evidence posted here includes analytics showing an installed Runner-named app is built using Firebase, and some JavaScript chatter. You’ll either need to explain why that analytics data is something beyond what it appears — benign analytics chatter — or find some better evidence of the reported compromise. Posting benign analytics data is unhelpful for the reported hacking activity.

Short of hiring forensics assistance, read up on performing data forensics analysis, and learn how to present ypur evidence. That evidence can include why you are specifically at risk, and what unusual symptoms or misbehaviors have been encountered and why those symptoms support your case. Unfortunately for this, some apparently-benign log chatter from a Runner-related app using Firebase is not going to be part of that.

Here is an example of what a security report can look like, and should include:

• https://security.apple.com/bounty/guidelines/

Here are write-ups on iPhone exploits from organizations that perform forensics:

• https://citizenlab.ca/2023/09/predator-in-the-wires-ahmed-eltantawy-targeted-with-predator-spyware-after-announcing-prehttps://netalert.me/

• https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html

You won't need to provide that level of technical detail, but you will need something between what has been posted here, and that write-up.

If you are potentially targeted, some related reading:

• https://www.pcmag.com/news/the-feds-have-some-advice-for-highly-targeted-individuals-dont-use-a-vpn

• https://www.cisa.gov/resources-tools/resources/mobile-communications-best-practice-guidance

hackerkiller wrote:What I am after is knowledge, i couldn’t care less about being “validated” by the Apple communities. If it’s something else I’m fine with that, but educate me and tell me what it is. Don’t tell me it’s not possible because it is until proven otherwise. And yes, that goes both ways I understand that…

Apple provides no course in reading Analytic logs, their sole purpose to to be used by them internally when a specific log is requested by an Engineer after a Support Ticket has been opened and only if that Engineer would think it would be useful. If you choose to send analytic logs to Apple automatically, they will use it for product development and improvements. Information sent to Apple is done anonymously.

Legal - Device Analytics & Privacy- Apple

The problem you are facing is that you are trying to use these logs to prove or not prove you are hacked and you not going to find that out by looking through any of the logs. None of us have anything to prove to you while you go along this journey. I don't fault you for asking here, but I think the answer has been made clear over and over again.

You will see many things in logs that you may find concerning, but that is simply because they are not in a user readable format to make any sense to you. All of us have been down this road before. Here are some common ones that scare people including what you have posted and also concerns of others:

• Scavenger as seen in your original log is what JavaScript calls their Garbage Collection process to free memory.
• BitFrost.bundle is part of the iOS framework and Jeff is correct that it is used for SOS and other network processes. A simple search on the internet shows the same concern you had and also the actual truth about what the process does. Sorry, you cannot rely on AI here as the Google models are trained on Social Media posts and they specifically partner with Reddit where much of this false information is regurgitated by Gemini.
• Firebase and Flutter are both frameworks that are bundled in many apps that are available on the App Store. I cannot tell you if Apple uses them with their apps, but to be honest it would not surprise me and that would not be a sign of anything nefarious.
• "Roots" is seen many times in log files and does not mean your device has been rooted.
• Pegasus.Framework is another one that scares people, and once again it is part of not only iOS, but also MacOS and has been for many years even before there was any such thing as Pegasus Spyware.
• "Goodnight, Gracie" is actually a funny one that some have thought their device was being manipulated by a user named Gracie. It is just a log an engineer used for notification that the network connection was no longer needed.

https://jonnywot.blogspot.com/2009/11/interesting-new-easter-egg-in-mac-os.html

If you want a suggestion, reset your device to Factory Settings and do not restore from a backup. Yes, all data will be lost, but you will be starting with a clean slate which I think is exactly what you want to do. Being that you also indicated that your Android device has shown signs it has been hacked also, it would appear you are just looking for something that you are not going to find in the analytic logs. One thing I can assure you of is that a nefarious process is certainly not going to be logging anything to make themselves visible.

OK. You have NOT been hacked. And trying to read Apple Analytics is like hopping on a spacecraft and landing on a planet where the beings speak a language you don't understand. ONLY Apple has the ability to read, with very specialized tools, Analytics.

What you have posted does NOT indicate anything close to be being hacked. It is extremely difficult and outrageously expensive to even try to hack an iPhone. If you are at the highest levels of society (Congressman, Senator, Ambassador, CEO of a Multi-Milliond $ Corporation), you may be worthy of a hacking attempt. If you aren't, you most assuredly haven't been hacked.

Let me preface this my saying I’ve seen many analytics reports. I’m a former Apple Store manager. Analytics are not designed to detect hacking. It’s not their purpose or function.

Analytics are designed to provide information about your device, Apple supplied software, hardware and information about third party apps to the respective developers and engineers.

Analytics is not designed to detect hacking. It may provide indicators that hacking was attempted. Only specialist trained in hacking forensics would be able to determine that. But at best, it would only provide clues, not definitive evidence. Obtaining the clues requires specialized software and training. Apple Store Geniuses do not have the training or access to tools necessary to detect hacking attempts.

If you believe your iPhone is compromised, hire a forensic hacking expert to review your device.

No, it's 99.999% a certainty you have not been hacked.

Analytics in no way suggests hacking.

Stop poking around in things you do not understand.

sorry to burst your bubble, but unless you are literally worth millions of dollars in actual money, information or activities making someone very powerful uncomfortable,, which is what it costs to actually hack an iPhone remotely, you have not been hacked.

You simply are not important enough to warrant the complex and expensive nature of iPhone hacking tools and personnel to do so.

Getting to this thread a bit late here however as someone with a cybersecurity background, if you have any suspicion at all that you have been "hacked" you should promptly follow the previously prescribed advice in this thread regarding factory restoring any affected devices, NOT restoring from backup, and then slowly re-add any of your sanitized files from that point and you will be fine.

As to how you got "hacked" anyone's guess. If you were legitimately "hacked" there are so many attack vectors and the damage has been done. Without a darn good reason of performing a very expensive forensic assessment on the device its best just to accept what you can't control and move on with a fresh setup and take it as a lesson learned.

From the log data you posted it just looks like a crash report from an app called Runner on your device. Perhaps related to a workout app of the same name installed on your device? Maybe check with the developers support site to see if this is a known bug or issue with their app.

The activity you have posted and described here certainly would not have me losing any sleep or thinking I was "hacked." Take this for what that's worth.

Best of luck to you, secure your devices and move on.

Cheers

Gandolf243 wrote:

Where did you find this, it looks like one of Apple’s computer codes.

Do you have the app runner on your iPhone?

You can find this stuff in: Settings > Privacy & Security > Analytics & Improvements > Analytics Data.

hackerkiller wrote:

You work for Apple? If not and only they can read it, how can you be so sure? Full disclosure this is only roughly 1/4 of the info. And you’ve no idea who I am or what I’m into. Don’t be so presumptive lol. Pro sports, celebrities, influencers, private citizens with wealth can’t be targets?

Of course they can be targets. I gave examples, NOT a comprehensive list of people who might be targets. Are you someone so important that someone would want to invest massive amounts of money into hacking you? If you are, airing your unsubstantiated claim here is pointless. You have provided ZERO evidence you've been hacked, except useless Analytics. And if you have been hacked, you need help that cannot be offered here. Hire someone if you truly think you've been hacked. Otherwise, you're kind of wasting your time here.

that I haven’t been Hacked

Those word salads are useless to you and me. We don’t have the training and software to understand them.

Your phone is perfectly fine.

hackerkiller wrote:

Please look at my prior post for context into what’s been going on.

You haven't given any context. Random snippets of Analytics are not context. Context would be issues that you've observed with your hardware or your Apple Account. Is your phone acting differently? If so, how? Be specific. Do you have two-factor authentication enabled on your Apple Account? If so, you'll be notified of attempts to log in. If you don't have it enabled, do so now.

Again, if you are in that very small group of people whose data would be worth hundreds of thousands of dollars to acquuire (I neither know nor care if you are or are not), then, as noted previously, you need to hire professionals.

What are you experiencing? You haven’t provided any evidence of being hacked.

Apple analytics is designed to provide information related to hardware and software installed on the device. Analytics is an Apple core product and is installed on all iPhones.

The snippet I see is out of context and indicates an error, possibly a crash but not enough context, of a Java script error related to a memory issue. I’m not a hardware engineer and it could be something as simple as a bad memory sector. It could be a third party app, trying to access Java memory, most likely a website you visited. As I recall, Safari (and other web browsers) are the principal users of Java these days.

You have not been hacked.

Stop poking around in the analytics. You don't have the tools or the training required to accurately interpret them.