Apple imposes certain restrictions on which apps can be installed on a device. Further, no app can gain access to information and data on the device or another app without being given authorization. This restricts the potential of an app due to the limited administrative rights allowed by Apple. Jailbreaking allows a person to bypass licensing terms and gain access to critical administrative rights. This enables the hacker to:
- Remove any restrictions imposed on software and applications by the manufacturers. This, in turn, allows the installation of apps on jailbroken devices that cannot be used otherwise.
- Replace or change any app, setting, or file.
- Install tweaks and themes through unofficial App stores like Cydia, available on jailbroken iPhone and iPad devices.
- Get in-app purchases and paid apps for free.
- Hack and use cheats for games.
Additionally, as an iOS developer, you may want to jailbreak your Apple device to test your apps, install software on devices, and check the security level of the apps.
It is also easy to see how jailbreaking can threaten developers like yourself. An attacker can easily bypass all the hard work, effort, and money you put into developing an app.
So, how can you protect your apps from jailbreaking? Here is where jailbreak detection comes into play!
Ready to protect your app?
Start 30-days FREE TRIAL. No credit card required. Deliver Secure Mobile Apps Faster in minutes with the leader in application security.
What is Jailbreak Detection?
Jailbreak detection is the process by which you can figure out if an app is running on a jailbroken device or not. Though it seems like a relatively simple process, iOS detection for jailbreaking is not as straightforward as it may seem. Several complex processes and operations take place in a jailbroken device, otherwise absent in a regular device. This difference can be used for jailbreak detection.
Why is Jailbreak Detection Difficult?
Hackers use all sorts of tricks to jailbreak devices. Further, there are many types of jailbreaks, and each one calls for a different set of detection methods. In addition, the detection methods themselves change over time, and a device detected in one jailbreak state may be in a different one the next time the user reboots it. The methods can also change with each version of iOS, so it is difficult to predict what a detection method will need to look like.
How Does Jailbreak Detection Work?
One key fact that iOS detection for jailbreaking can depend on is figuring out if the app is asking for more resources and app data than allowed by the Apple operating system. The app may also look for other applications like Cydia, available only on jailbroken devices.
Jailbreak Detection Methods
There are several jailbreak detection methods that you can use to prevent jailbreaks. Some of them are rather simple and are usually the ones easily bypassed by hackers. Some complex methods are a bit more difficult to bypass. We will look into a few of them below:
Booting
This iOS detection can be found on all devices. As soon as you boot or restart your device, the software checks whether all the processes, apps, and data are in accordance with the Apple guidelines and privacy policy. This is like a mandatory jailbreak detection method.
Any app that isn’t consistent with Apple’s administrative rules will not be allowed to function. This is why some apps must bypass jailbreak detection every time they are run on a jailbroken device.
File System
All the files and data in the system are stored in appropriate places with specific names. If a device is jailbroken, the stored files change. They can be renamed, changed, or even removed. This change in the file system can be used to detect jailbreaking in the device. Usually, jailbreaking creates some extra files in the file system. The following are some of the extra files that can be created on jailbroken devices:
- /private/var/tmp/cydia.log
- /Applications/RockApp.app
- /Applications/FakeCarrier.app
- /usr/bin/sshd
- /var/cache/apt
Extra Permissions in Directories
When a device is jailbroken, there may be some alterations in the permissions that certain files and folders might have. This extra access to administrative rights is another indication of the device being jailbroken.
A Large /etc/fstab File
This file defines the mount points on Apple devices. When a device is jailbroken, some entries are usually added to this file, increasing its size. So a large /etc/fstab file is another sign of a jailbroken device.
Presence of Jailbroken Apps
There are certain apps that are present only in jailbroken devices. For example, Cydia (an app store), Frida (a tool used by app developers and reverse engineers), etc.
Files in Other Pathways
The data created by certain apps are restricted to a particular folder in the Apple device, usually in the Applications folder. In a jailbroken device, the app can create and store data in other folders in the system directory.
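The file-system checks described above (artifact paths, /etc/fstab size, and writing outside the app's own folder) combined into one routine, as an added example that is not from the original article or from any vendor SDK. The `root` prefix, the `fstab_max` threshold, the flag names, and the probe file name are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L   /* for lstat() under strict -std modes */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* One bit per check; the names are this example's own. */
enum { JB_FILE = 1, JB_FSTAB = 2, JB_WRITE = 4 };

/* Artifact paths listed in the article. */
static const char *const JB_PATHS[] = {
    "/private/var/tmp/cydia.log", "/Applications/RockApp.app",
    "/Applications/FakeCarrier.app", "/usr/bin/sshd", "/var/cache/apt",
};

/*
 * root:      "" on a device; a directory prefix lets the checks run on a test tree.
 * fstab_max: largest /etc/fstab size treated as stock. The article gives no
 *            figure, so the caller supplies one measured on stock devices.
 */
int jb_indicators(const char *root, long fstab_max)
{
    char path[1024];
    struct stat st;
    int flags = 0;

    for (size_t i = 0; i < sizeof JB_PATHS / sizeof JB_PATHS[0]; i++) {
        snprintf(path, sizeof path, "%s%s", root, JB_PATHS[i]);
        /* lstat() so that a symlink counts even if its target is hidden. */
        if (lstat(path, &st) == 0)
            flags |= JB_FILE;
    }

    snprintf(path, sizeof path, "%s/etc/fstab", root);
    if (stat(path, &st) == 0 && (long)st.st_size > fstab_max)
        flags |= JB_FSTAB;

    /* A sandboxed app cannot create files outside its own container. */
    snprintf(path, sizeof path, "%s/private/jb_probe.txt", root); /* hypothetical name */
    FILE *f = fopen(path, "w");
    if (f != NULL) {
        fclose(f);
        unlink(path);
        flags |= JB_WRITE;
    }
    return flags;
}
```

Treat the returned bits as signals to combine and report rather than as a verdict from any single check; simple checks like these are the ones the article says are most easily bypassed.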
These are just a few ways of detecting jailbreaking in iOS devices. However, hackers are always looking out for loopholes to bypass the jailbreak detection methods and gain access to data. Being aware of how this can occur is important to effectively prevent your apps from being jailbroken.
Preventing Jailbreaks
As an iOS app developer, there are certain things that you can do to prevent iOS jailbreaks. The following are some actions your app can take once the jailbreak is detected:
- You can have the app shut down with a notice that the device has been jailbroken, so the app cannot function on it.
- Your app could shut down silently without any notice to the user.
- The app could function normally without the intervention of the jailbreaking process. This can be more difficult to execute than the other two options, but not an impossible task.
Final Thoughts
Jailbreaking in itself may not be illegal, but the purpose for which jailbreaking is used can be a serious threat to people using the device. For an app developer, jailbreaking can compromise the security of the device and pose a threat, especially if your app is used to store important information such as bank details. So, it is better to prevent jailbreaking for security.
Appsealing is a security solution for iOS applications. It provides jailbreak detection and integrity protection to ensure that the application code is not tampered with. We also provide anti-debugging and anti-trace capabilities so that no one can trace your app or find any error in it.
Fully optimized for the mobile environment, apply the SDK based solution for:
- Jailbreak detection
- Integrity protection
- Anti-debugging