How Can I Avoid Safari as Default Browser

Hi - I’ve been hacked and my Safari is manipulated remotely and using iOS/iPhone I am hoping someone knows how I can adjust settings for IFTTT or Scriptable so that Safari is not the default browser that is used. I have it turned off via Screen Time etc. but both still automatically open in Safari - nullifying my intended applets/scripts. Any help would be greatly appreciated on this topic.

Separately if anyone knows how to verify the security of APIs and UUIDs or how to resecure them if they have been breached by a hacker I would appreciate any insight in that regard as well.


What do you mean by “hacked” and “manipulated remotely”?

It’s a long complicated nightmare involving law enforcement but long story short repeatedly (I’ve worked with the best cyber experts) my Safari (among other things) are accessed and used by someone other than myself (highly sophisticated hacker) e.g. I don’t use Safari but have pages of history showing sites a hacker would visit re: APIs, CDNs, UUIDs etc. I just stem the tide until law enforcement resolves the case I’m a part of and not using Safari myself is one way I do that. So the automatic use of Safari by IFTTT, Scriptable etc. is something I am hoping I can avoid.

I’m not sure what your setup is or what exactly is happening that you didn’t set up yourself, but I can tell you what each of the things you mentioned being opened in Safari is:

  • CDN: a content delivery network. All major websites use these to serve content like images. Completely benign thing to look up.
  • API: application programming interface. In the context of the Internet, it’s a web service for apps to access behind the scenes. Lots of apps and sites depend on various APIs to function. Again, benign in most cases.
  • UUID: universal unique identifier. This is just a string of text that is (hopefully, if the algorithm to generate it works correctly) pretty much unique. Once more, benign in most cases.

Basically, behind those abbreviations, which may look scary if you’ve never seen them before, there is literally nothing worth worrying about in those searches (aside from the fact that you’re not the one typing those in). I would not exactly call them “hacker”-type searches. A hacker would be a lot more interested in acquiring things that belong to you, not generic pieces of web developer knowledge.

If someone is just opening junk tabs like that, I’m doubtful that there’s any hacking actually going on. Without being able to see your setup for myself, I’m inclined to think that someone got ahold of your phone and set up a few personal automations as a prank.

Check the Automations tab in Shortcuts. If there are any automations in that tab that you didn’t create, delete them. Automations are a fairly common tool for kids with access to someone else’s device to troll the owner, and they don’t require or enable remote access to your device at all; they just run locally and do what they’re set up to do.


Have “the best cyber security experts” recommended you factory reset your device/buy a new one, and reset the passwords on any compromised accounts you might have?

Trying to automate a switch in browsers is a curious approach to using what is effectively an untrusted device. Especially when you noted the issues do not only affect Safari.

I do think the wrong issue is trying to be resolved here. @FifiTheBulldog notes a potential explanation how something could appear hacked, but not be, but I would have expected the security people you have been liaising with to have verified that sort of thing within minutes of communicating with you.

Proceeding on the assumption that the experts have already ruled that out, it would be useful to share more about what their recommendations to you were. I’m struggling to see what reason they would have for you continuing to use the device as is and also changing what app you would use on it for web browsing.

Thanks for your kind and thoughtful insights. Yes, I have left out a great deal of information as the Safari auto default was the bottom line in the moment need I was hoping to address. You are correct in that there is a tremendous amount of information beyond what I’ve shared as this takes up a great deal of time, so when it isn’t necessary to explain the massive cyber crime case of which I am a part w/ law enforcement, legal, cyber experts that will take a long time for a resolution and not responsive to a small problem such as the one I posed, I tend not to go into the details. However, re: the Safari history - it is a small piece, but the sites document how my device and apps were granted tokens allowing remote control/locking me out of my own device’s apps, features etc. resulting in a process of deactivating the malicious API tokens through third party intervention. Apologies, if my brief request leaving out 99% of my case was frustrating as I was just focused on a solution re: Safari.

It sounds to me like the logs and details would already have been captured as part of your involvement in such an in-depth and broad investigation. After all, you have been able to retain or subsequently gained back your device. Therefore you would be free to do with it as you wish … otherwise you would not still have it. It would be in an evidence bag somewhere. If this has not been done, then your device and details are not critical to the investigation.

I am shocked that the parties involved have seemingly not provided any instruction to you as to steps to take next, and I would advise you to ask them explicitly in case they have communicated it and you have accidentally overlooked it.

My recommendation would be at the very least, to factory reset that device to remove any potential malicious software that may be on it. Replacing it entirely would be the ideal, but I appreciate this is not always financially viable. It comes down to cost vs peace of mind.

In addition, you should also be resetting credentials (passwords, keys, etc.) to all of your accounts, adding multi-factor authentication where available, and following as many of the other standard good practices as practical, to get yourself, your devices, and your services use back to as clean and protected a state as possible.

I just tried changing my default browser to Chrome and couldn’t get anything to open in Safari.

What actions are causing Safari to open?

Didn’t those cyber experts tell you that you should not post your email address on a public forum?

I think it would be better if you remove it.