Jailbreak Detection

m_green
New Contributor III

I have a smart group that emails me when an iPad is detected as jailbroken. It also emails me when a device leaves the Jailbroken status. As of a few weeks ago, I've had well into the hundreds of emails that devices are being jailbroken. Usually after a few minutes I get an email that the device is no longer jailbroken. I've had our technicians check into it and there's no noticeable difference on the device level and in the MDM for the devices that are "Jailbroken." I've even been working on an iOS device, sent an update inventory to it, and then immediately received an email that the device was Jailbroken and then another emails that the device was not longer jailbroken.

I spoke with Jamf Support and since the problem was essentially fixing itself and not causing other issues, it was thought that it would eventually stop the same way it started.

Is anyone else having this issue or has anyone had this issue and found a fix?

11 REPLIES 11

ejculpepper
Contributor

I'm seeing the exact same behavior in our environment. I've checked a few of the devices that report as "Jailbroken", but not a single one was actually Jailbroken.

I've sent inventory updates to some of the devices, and the Jailbroken status will return to say it's not Jailbroken.

I worked with Jamf Support through their chat option and was told that the Jailbroken status checks for "Cydia" on the device, if it is present then the device is reported as Jailbroken. This does not seem to be the case though...

m_green
New Contributor III

@ejculpepper

Glad it's not just us! Thanks for the feedback!

jared_f
Valued Contributor

Maybe it is something with the jailbroken option in smart groups that is broken? As @ejculpepper mentioned, the jailbroken status is reported on whether the device contains the app Cydia. How about doing a smart groups searching for devices containing the app "Cydia" instead of using Jamf Pro's built in detection tool.

d_logue
New Contributor III

I have a couple of devices that just started reporting Jailbreak detected. These are 1:1 devices in the hands of students, but they don't have access to the App Store, they can only install apps from Self-Service. I checked one of the iPads this morning and could not see anything unusual about it, no strange profiles, no VPN, no unusual apps.

KMerendaTFMC
New Contributor III

I’m having the exact same issue . Jamf Support told me they have an internal support article on it:

Unfortunately we do not have any external documentation be we do have it internally documented.

“In this case the issue we are dealing with is PI-006116. The description of the product issue is "Jailbreak detection not working on iOS 9, 10, 11, 12".

This can cause devices that are not jailbroken to report falsely. I have tied this case to that product issue so it is documented on our side.”

The only suggestion they had for me was not to use that property.

thejenbot
Contributor III

I had used this criteria in the past and what I found is that if Self Service hadn't been opened it would report as Jailbroken. Once Self Service was opened and the device updated in inventory it would fall out of that group. Pretty stupid if you ask me...

RLR
Valued Contributor

Just tested this and our smart group is saying we have 4 jail broken iPads but none of them are.

roman_gaddis
New Contributor

We are having the same issue. I have been working with support too. It hasn't been resolved. It started when we upgraded to JSS 10.7.

lpmiller
New Contributor

I just noticed I am having the issue too.

yngve
New Contributor II

I've got the same issue with iPhones and iOS 13.1

Emmert
Valued Contributor

Same with iPads. I tried making a smart group for this a week or two ago and there were five or six false positives. (and zero true positives)