I’ll go ahead and close this thread. Discovering a ‘kids’ keyboard (keylogger) permissioned and tied to my life’s vault (SS, DL/PSPORT/TITLES/BANKING/CREDIT/ etc. was shocking to say the least. After rebooting my device at apple as the ATO exec at my bank mandated in order to open a new account, and regain permission to use online banking, i was restricted/locked out of logging into my apple id. The genius bar tech was confused and said he hadnt seen it before (he could have been new) but the iPhone screen was dark black sand in lighter greyish type it said: Your account is restricted. Either your APPLE ID, or you device are Managed’. I thought it strange that somehow you could restrict one and not the other? Maybe it was a fake or phishing prompt, but I called apple tech in austin and he confirmed it. this is why when i found these cruising around my analytics for ‘details’ of this, finding this was weird: Payload manifest: bplist00)OrderedProfiles^HiddenProfiles i_8com.apple.ATT_NR_US.f7eb2f44-daOe-11eb-8349-f45c89abb0d9 mc meta: bplist00Ô_LastMDMMigratedBuild_LastMigratedBuild&StopFilteringGrandfatheredRestrictions_ AllowedGrandfatheredRestrictionsU21G93Ñ who knows. Life goes on. I’ll shut this down, thanks to anyone who took the time review or respond. Many thanks, and please be good to yourselves.

Hey thanks for responding!!! of all the log files I have those are not the most concerning (Although I know my place well enough not to make any kind of meaningful Inferences or speculation unless you’re a developer, in which case, golf clap for you……. I actually did lose my bank account, someone tried to open in my name. I found a Keylogger on my iPhone permissioned and attached to my AURA app- its a developer keyboard, and It’s just sitting there one hop from settings/aura and it’s 3 permissions- location, local network, then something called ’kids’. I’ve never seen a keyboard attached to any app before and figured that was cute of the company, they are giving kids the chance to appreciate and learn digital hygeine and identity management at early age. But a click further asks full access and iOS bubble alerting this Developer keyboard can store your data and Stores any information inputted into keyboard. hmm. ive had it out with aura, no joke a kind of juiced up lifelock, monitoring and storing, laughingly, bank and credit account and routing info, SS, passport #, DL, credit bureau info, property and titling info, and the same thing keeps happening that happened with the bank- a personal emaI I lost admin access to despite passing 2+3 factor, my passport, my selfie- someone else’s number then appeared in the recovery options and i failed identity verification to re acct 4 times in a row- kept showing up as my primary anchor for alerts and even overtook my cell phone in priority/privelege DESPITE repeatedly having To go into a BOA branch with 2 forms of identification in order to remove it due to fraud on account/suspicion. It reappeared 4 times with BOA after I kept going in and telling them this story, wash rinse repeat with Amazon.com, Gmail, and just today Venmo and bitdefender are telling me new email AND new devices wholly different in user agent and brand and device type (freebsd On desktop with a modem/ethernet link, while I’m not only on iPhone 15 but my device is linked direclty to these apps and accounts and Ive seen in each one’s logins them correctly identify my user agent and tls fingerprint before. Then either another device logs in a minute or 2, always after me, showing different signature, but what’s galling is their API reader or whatever after correctly reading me right for 50 logins suddenly forgets my device is registered in that app with a nickname attached and now getting alerts new and unknown device attempting login followed a min later. worse, today, no joke produced a darkweb hit of my gateway IP for air with att and it leaked a month ago from a site called mspy which is de-facto stalkerware and spyware. My iPhone continues to dent my password askint for the password to my other iPhone. Hidden profiles/ after last firmware reboot I got blocked from login to my Apple ID with the error either my Apple ID or my device is managed and I have restrictions. dunno Akamai peering shows up in trace, my ports 21,22,1723, 8443 are open reading only my devices on my cellular network. I’m won’t get into my work and so forth but anyone who’s very high in corporate cyber has told me they believe originated with cloud and key_sync something and I have all the indications of an enterprise Managed device/profile. I trust Apple would defeat most any malware or virus- whatever happened to me seems low tech and crude but I was so tech ignorant up until literally the last month or two it’s shameful to share how bad my hygiene was. I was oblivious to this entire universe for 40 years and happy that way. This came out of nowhere with an initial DOS router and brute force hack ID’d and explained like a child to me what this log insicates etc. escalated from there. Anyhow this is a Hail Mary man. someone Tried open a bank account this week in my name and I got scolded by a top level BOA security guy whos only Concern wasn’t me but the liability my devices posed to their architecture or whatever. Blew my mind. litetally a department in BOA named account takeover I had to deal with. Scolded me for not addressinf it sooner. Wtf. I’m not a cyber tech. Anyhow I’m Out. Be good.

ADDENDUM TO ABOVE——— it won’t let me add attachment files, or photos, as a reference which ughhh- but I wanted to correct something noted above- lockdown caught a process and warned my iPhone main screen, something CALLED- ‘REMOTECLOUDQUOTAUI”, tried to run in lockdown and Apple gave me an alert preventing the process, whatever it is. I do nothing remote and own no computer. Also of note: Last week, my cell wouldn’t accept my appleid pin and I got a apple security prompt- asking me to provide the password for “MY OTHER IPHONE” when my device code failed to LOGIN- I’ve HAD Apple ask me similarly, to provide device challenge for password/login for password ‘of my iPad’ on my iPhone, as a security protocol, however I don’t have another, nor couldn’t afford another, iPhone. this didn’t make sense at all. In sum, I DONT BELIEVE this is an exploit targeting apple and overcoming their architecture and opsec, I’m not rich or famous and barring zero day or Pegasus I don’t see anyone getting through their layers- initial thoughts leaning toward configuration/settings manipulation through Apple ID/cloud access unauthorized , or something in the species of remote admin as a profile (enterprise/admin) without consent. My idiots 2 cents. Y’all….. II AM LOOKING FOR ANY SUGGESTION, SPECULATION, FEEDBACK OR INPUT- I just want pointed in a direction. Any feedback is SUPER APPRECIATED!! ~ I never knew there existed any manner of intelligence out there I couldn’t reconcile on some basic level with, but cyber/programming/IT is absolutely foreign to me I’m barely afloat realizing I have zero aptitude in this discipline. Respect to those who do. for Developer interest I’ve pasted my remotec dump state from syslog. Just seems like a lotta REMOTE and UNTRUSTED stuff…….. I know analytics is strictly for pro’s, but I’m in developer arena, so this is a Hail Mary. if anyone has ANY HINT OF A CLUE WTF is going on here, please lemme know!!:) much appreciated! LOCAL DEVICE UUID: 191A01ED-0763-4BA4-95C6-B28CFFDA56B1 Messaging Protocol Version: 3 Product Type: iPad14,11 OS Build: 17.6.1 (21G93) Properties: { AppleInternal => false CPUArchitecture => arm64e ChipID => 33042 EffectiveProductionStatusSEP => true EthernetMacAddress => 28:83:c9:34:e0:e6 HWModel => J538AP HasSEP => true HumanReadableProductVersionString => 17.6.1 ThinningProductType => iPad14,11 IsUIBuild => true RegionInfo => LL/A RestoreLongVersion => 21.7.93.0.0,0 DeviceSupportsLockdown => true EffectiveSecurityModeAp => true SigningFuse => true SupplementalBuildVersion => 21G93 BuildVersion => 21G93 OSVersion => 17.6.1 SensitivePropertiesVisible => true Image4CryptoHashMethod => sha2-384 MobileDeviceMinimumVersion => 1643.100.59 ProductName => iPhone OS ProductType => iPad14,11 SerialNumber => M74J7XG3K2 BootSessionUUID => EC2A6814-F2BF-4057-AF71-7A631E42EA36 BoardId => 22 DeviceColor => 1 EffectiveProductionStatusAp => true EffectiveSecurityModeSEP => true StoreDemoMode => false UniqueChipID => 3467353379086366 UniqueDeviceID => 00008112-000C518A1E78A01E OSInstallEnvironment => false RemoteXPCVersionFlags => 72057594037927942 CertificateProductionStatus => true CertificateSecurityMode => true DeviceClass => iPad DeviceEnclosureColor => 7 ModelNumber => MV6U3 RegionCode => LL SecurityDomain => 1 HardwarePlatform => t8112 Image4Supported => true IsVirtualDevice => false } Services: com.apple.sysdiagnose.remote com.apple.internal.dt.coredevice.untrusted.tunnelservice com.apple.dt.remoteFetchSymbols com.apple.remote.installcoordination_proxy com.apple.mobile.lockdown.remote.untrusted com.apple.mobile.notification_proxy.remote com.apple.preboardservice.shim.remote com.apple.mobile.notification_proxy.shim.remote com.apple.mobile.heartbeat.shim.remote com.apple.osanalytics.logTransfer com.apple.dt.remotepairingdeviced.lockdown.shim.remote com.apple.accessibility.axAuditDaemon.remoteserver.shim.remote com.apple.mobile.insecure_notification_proxy.shim.remote com.apple.mobile.installation_proxy.shim.remote com.apple.internal.devicecompute.CoreDeviceProxy com.apple.atc.shim.remote com.apple.mobilebackup2.shim.remote com.apple.afc.shim.remote com.apple.misagent.shim.remote com.apple.RestoreRemoteServices.restoreserviced com.apple.mobile.file_relay.shim.remote com.apple.atc2.shim.remote com.apple.crashreportmover.shim.remote com.apple.internal.devicecompute.CoreDeviceProxy.shim.remote com.apple.mobile.assertion_agent.shim.remote com.apple.bluetooth.BTPacketLogger.shim.remote com.apple.pcapd.shim.remote com.apple.idamd.shim.remote com.apple.security.cryptexd.remote com.apple.companion_proxy.shim.remote com.apple.backgroundassets.lockdownservice.shim.remote com.apple.sysdiagnose.remote.trusted com.apple.mobile.insecure_notification_proxy.remote com.apple.mobile.lockdown.remote.trusted com.apple.mobile.storage_mounter_proxy.bridge com.apple.carkit.service.shim.remote com.apple.webinspector.shim.remote com.apple.mobile.diagnostics_relay.shim.remote com.apple.mobile.house_arrest.shim.remote com.apple.mobileactivationd.shim.remote com.apple.mobilesync.shim.remote com.apple.preboardservice_v2.shim.remote com.apple.PurpleReverseProxy.Conn.shim.remote com.apple.fusion.remote.service com.apple.GPUTools.MobileService.shim.remote com.apple.mobile.mobile_image_mounter.shim.remote com.apple.mobile.MCInstall.shim.remote com.apple.syslog_relay.shim.remote com.apple.crashreportcopymobile.shim.remote com.apple.iosdiagnostics.relay.shim.remote com.apple.PurpleReverseProxy.Ctrl.shim.remote com.apple.streaming_zip_conduit.shim.remote com.apple.springboardservices.shim.remote com.apple.commcenter.mobile-helper-cbupdateservice.shim.remote com.apple.amfi.lockdown.shim.remote com.apple.os_trace_relay.shim.remote com.apple.corecaptured.remoteservice _———