Jailbreak device detection

pag
New Contributor

Sensitive and already open discussion on many occasions, but I think essential to really manage the deployment of iPhones in a commercial society and the associated business risks.

Since the removal of the detection jailbreak detection in iOS API's, there's no 100% sure way to detect jailbreak iDevices.

One possible way would be to push an application on iDevices (as does Airwatch) in addition to Self Service, but that does not comply with Apple’s instructions for MDM systems...

I just realize after performing a jailbreak an iPhone (iOS 6.1.4) that the JSS Built-in Certificate Authority did not install correctly and wasn’t present. I was able to reproduce this all time I’ve tried to enroll this particular device.

Does someone noticed that too on other jailbreak iDevices? I don’t know whether this is a problem with the jailbreak or the iOS version?

If confirmed by others, it would be a possible detection way?

Thank you for your feedback !

7 REPLIES 7

brandonusher
Contributor II

You might be able to just see if an application is installed (Cydia)

pag
New Contributor

Thanks, but Cydia is not appearing in my JSS app list unfortunately (not really sure it is even an app...).

I was wondering if I could try pushing an unsigned app to the iDevice through the Self Service in-house apps, but XCode does not allow to create an unsigned app package... If the app installs itself, it would mean that the device is jailbreak.

If somebody knows a way to write an app and get an unsigned package (in a safe way...)?

brandonusher
Contributor II

The app identifier for a Cydia should be com.saurik.Cydia (or close to that)

See if it can find that

pag
New Contributor

Unfortunately nothing related to cydia in the application list. Would have been too simple ;-)

bentoms
Release Candidate Programs Tester

I think the Cydia app lives outside the iDevices app folder; which is why it's not showing.

jwojda
Valued Contributor II

we've gone rounds with our MDM provider and Apple over jailbreak detection. It was something that was offered in the past, but it was so unreliable that it was removed. Sadly, there's no real way to detect it.

http://www.scmagazineuk.com/why-ios-jailbreak-detection-is-a-fundamentally-flawed-security-process/a...

pag
New Contributor

Just wondering if the missing certificate could be a possible solution as it is the only difference I could notice between a jailbreak and not jailbreak iPhone in JSS... If somebody got an iOS 7.x jailbreak iPhone/iPad and check if the JSS Built-in Certificate Authority is missing?

Thanks.