What is a jailbreak and how does it work?

Jailbreaks have existed for as long as iOS itself (the first ones targeted iPhone OS 1.0), so ignoring them in iOS development is a bad move. As developers, we must take into account the large number of iOS users who choose to jailbreak, either for fun or for tweaks, themes, and hacked games.

The jailbreak process itself relies on a chain of exploits (which usually changes from one jailbreak to another) that take advantage of security flaws in one or more specific iOS versions. The jailbreak tool usually comes either as a computer program running under macOS or Windows that requires the device to be connected over USB, or as an IPA (an iOS app) that is sideloaded onto the device and performs the jailbreak from the iOS side.

What is the jailbreak in the first place?

The term pretty much sums up what happens. iOS is normally locked down by several layered mechanisms: Kernel Patch Protection (KPP), Apple Mobile File Integrity (AMFI), mandatory code signing, a read-only system partition, application sandboxing, and so on. During the jailbreak process, most of these mechanisms are disabled or bypassed, either temporarily or permanently, to allow arbitrary code execution and to let apps that modify iOS itself run via Cydia Substrate (formerly MobileSubstrate).

In a nutshell, jailbreaking is the process in which a tool exploits and disables various iOS security mechanisms so that unsigned, arbitrary code can run, and so that the system can be modified in ways that are normally impossible.

Can any iOS version be jailbroken?

Well, not really. In theory any iOS version to date can be jailbroken by a group of talented hackers, and this keeps being demonstrated: at the time of writing, KeenLab (a security research team) has privately jailbroken iOS 11.1.1, the latest iOS version. But such jailbreaks are not always released as public tools.

Most of the time, jailbreak users are forced to stay on an older iOS version for which a jailbreak exists. If they update, they lose the jailbreak and the ability to re-jailbreak until a new tool is published, months or maybe years later. Jailbreak users also tend not to run Apple's newest hardware, because it is harder to jailbreak. The iPhone 7 / 7 Plus have a jailbreak for iOS 10.1.1 and earlier 10.x releases, but it is very unstable, close to unusable, nothing like the experience on the iPhone 6, 6S, SE, 5S, etc. The iPhone 8 / 8 Plus have no public jailbreak as of writing, and the iPhone X has been jailbroken privately but no tool is publicly available, so hard luck for those who want to combine the latest hardware with the ability to tweak or theme iOS.

What are the benefits of a jailbreak?

Well, most jailbreak users do it because it lets them install iOS themes from Cydia (some of them are quite dope), tweaks (small programs that modify how a part of iOS behaves or looks), and hacked games and applications. Some also jailbreak to get access to the file system, or just because it is fun. However, the jailbreak is no longer what it used to be. Pre-iOS 10 jailbreaks were very stable, eventually untethered*, and easy to install. iOS 10 didn't have so much luck in this regard: the iOS 10 jailbreak, although it works, is unstable, reboots the device quite a lot, can take several attempts to apply, has to be re-signed (the IPA) every 7 days unless you use a paid Developer account ($99/yr), and is not untethered.

* An untethered jailbreak persists across reboots. A tethered jailbreak needs a computer every time the device boots; without it the device either does not boot or boots without the jailbreak. A semi-tethered jailbreak, which is what the last three jailbreaks have been, lets the device boot normally into its stock, non-jailbroken state; the user then opens the jailbreak app, presses a button, waits for a respring (quicker than a full reboot) and is jailbroken again. Untethering a jailbreak requires additional exploits, and hence additional vulnerabilities in iOS, because something has to re-exploit the device automatically on every boot without any user interaction.

Is jailbreak even legal?

Yes, the jailbreak is currently legal in the United States as of writing this, but that doesn't mean it is safe. Jailbreaking phones is exempted from the anti-circumvention provisions of the Digital Millennium Copyright Act (DMCA) by a Library of Congress exemption that was first granted in 2010 and renewed in 2012 and 2015. These exemptions have to be renewed every three years, so the legal status may change in the future; check the current DMCA rulemaking status.

About jailbreaks and security

Jailbreaking your device sure is cool, but it has a lot of trade-offs, and the biggest one is probably security. Since most iOS security mechanisms have been disabled for the jailbreak to work, malware has a very comfortable time on your device should you get infected. Most jailbreaks also come with an SSH server installed (either Dropbear or OpenSSH), and the default credentials are the same on every device: username root, password alpine (the unprivileged mobile account uses the same default password). Jailbreak developers advise users to change both passwords right after jailbreaking with the passwd command, but many never bother, leaving the device open to anyone on the same network who can simply log in, remote-control it, install malware, or extract sensitive data without the owner ever knowing.

Cydia is the default store for tweaks, themes and apps on jailbroken devices. Developers can upload and users can download paid or free themes and tweaks, but nobody vets these packages for malware. Developers are usually part of the jailbreak community, but nothing stops a shady developer from shipping an appealing tweak that bundles a keylogger, and since packages are installed as root and tweaks are injected into other processes, it may take months before anyone notices.

Some jailbreak users also complain that battery life is severely shortened while jailbroken, and that is quite plausible given the number of tweaks and third-party processes running in the background.

Jailbreak and sensitive data

Since jailbroken devices are far less safe, most applications that handle sensitive data such as credit cards, payments and in-app purchases block jailbroken devices. PayPal is a good example: one cannot use PayPal on a jailbroken device without patching the application. These locks are there to avoid data loss, data theft, and liability.

Since jailbroken devices are fully exposed, patching an application to disable its jailbreak detection takes an experienced user a matter of minutes, but at that point the terms and conditions have been breached, so it should no longer be the developer's fault if that user suffers data loss, data theft or any other problem while using the patched app.

In conclusion...

Jailbreaks are widespread and many iOS users are jailbroken right now. When building your application, account for the fact that it will inevitably run on such a device at some point, and if you work with sensitive data, consider implementing jailbreak detection. Don't get me wrong: if the user really wants to use your app, they can patch it to run on their jailbroken device, but that means breaching your terms and conditions (assuming you have written strong ones), which may help you avoid liability should they suffer data loss or data theft caused by the jailbroken, and therefore insecure, device (for example, someone compromises the device and steals their credentials or money). If your application handles sensitive data, especially payments, it wouldn't hurt to consult a lawyer when writing your terms and conditions. You wouldn't want to be liable because some kid couldn't resist using his mom's credit card in your app and an attacker grabbed the card number from the jailbroken device, right?
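As an added example (not code from the original post), here is what a basic jailbreak-detection check can look like in Swift, using the kind of indicators discussed above: Cydia and Substrate files on disk, the OpenSSH server binary, a write outside the app sandbox, an injected substrate library, and the cydia:// URL scheme. The specific paths, the "substrate"/"substitute" name fragments, the probe file name and the `JailbreakCheck` type are assumptions chosen for this example, not a list taken from the page.

```swift
import Foundation
import MachO   // _dyld_image_count / _dyld_get_image_name
import UIKit   // only needed for the cydia:// URL-scheme probe

/// Heuristic jailbreak indicators. Everything here is an assumption about what a
/// typical jailbroken device looks like, not a complete or tamper-proof list.
enum JailbreakCheck {

    /// Files that exist on most jailbroken devices but never on stock iOS (assumed list).
    static let suspiciousPaths = [
        "/Applications/Cydia.app",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/usr/sbin/sshd",              // the OpenSSH server mentioned above
        "/etc/apt",                    // Cydia's dpkg/apt configuration
        "/bin/bash",
        "/private/var/lib/apt",
    ]

    /// Uses libc access(2) rather than FileManager, because NSFileManager is a
    /// common hooking target for tweaks that hide the jailbreak (access() can be
    /// hooked too, just less often).
    static func hasSuspiciousFiles() -> Bool {
        return suspiciousPaths.contains { access($0, F_OK) == 0 }
    }

    /// On stock iOS the app sandbox forbids writing outside the app container,
    /// so a successful write under /private means the sandbox has been loosened.
    static func canWriteOutsideSandbox() -> Bool {
        let probe = "/private/jb_probe_\(UUID().uuidString)"   // assumed probe path
        do {
            try "probe".write(toFile: probe, atomically: true, encoding: .utf8)
            try? FileManager.default.removeItem(atPath: probe)
            return true
        } catch {
            return false
        }
    }

    /// Walks the Mach-O images loaded into this process looking for the
    /// substrate-style injection library that tweaks rely on.
    static func hasInjectedLibraries() -> Bool {
        let markers = ["substrate", "substitute"]   // assumed library name fragments
        for index in 0..<_dyld_image_count() {
            guard let cName = _dyld_get_image_name(index) else { continue }
            let imageName = String(cString: cName).lowercased()
            if markers.contains(where: { imageName.contains($0) }) {
                return true
            }
        }
        return false
    }

    /// Asks iOS whether anything handles the cydia:// scheme. Since iOS 9 this only
    /// works if "cydia" is listed under LSApplicationQueriesSchemes in Info.plist;
    /// otherwise it always returns false.
    static func canOpenCydia() -> Bool {
        guard let url = URL(string: "cydia://package/com.example.package") else { return false }
        return UIApplication.shared.canOpenURL(url)
    }

    /// Combined verdict: any single hit is treated as "jailbroken".
    static func isJailbroken() -> Bool {
        #if targetEnvironment(simulator)
        return false   // the simulator sees the host's file system, so every check would misfire
        #else
        return hasSuspiciousFiles()
            || canWriteOutsideSandbox()
            || hasInjectedLibraries()
            || canOpenCydia()
        #endif
    }
}

// Typical use: refuse to enter the payment flow on a jailbroken device.
// if JailbreakCheck.isJailbroken() { /* explain and disable the sensitive feature */ }
```

Treat the result as a signal, not a security boundary: all of these checks run inside the app, so a user who is willing to patch the binary (or install a tweak that hooks `access`, `NSFileManager` and `canOpenURL`) can defeat them in minutes, exactly as the text above says. The value of the check is in keeping honest users off an unsafe device and in documenting that a jailbroken user had to actively bypass your terms; anything that actually protects money or credentials still has to be enforced on the server.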
