While jailbreaking Apple devices is becoming increasingly difficult with every new iOS release, jailbreak detection seems to be losing none of its popularity. Find out if this really is a necessary safeguard or just an outdated precaution.
Jailbreak detection in iOS has been a topic of much debate ever since iOS 5. The main reason anyone would want to use a jailbroken device is that iOS is locked, with Apple blocking some software-related features in older OS versions.
Generally speaking, jailbreaking refers to the process of removing Apple’s restrictions imposed on iOS or iPadOS by exploiting kernel or OS security vulnerabilities. With a jailbroken device, the user usually gains root access (admin privileges), which allows them to access parts of the OS that are usually restricted to them or install apps not available on the official App Store.
A couple of years and several iOS’s ago, a jailbroken device would allow the user to take advantage of certain features otherwise unavailable to them, like changing wallpapers, using the camera torch as a flashlight, enabling force touch (long press) or Siri on older devices like the iPhone 4. However, iOS is far more customizable today, and most of these features are available on older devices with a simple software update.
Although the number of jailbroken devices is decreasing year by year, introducing a jailbreak detection mechanism still remains a popular request with clients. Not only that, some consider imposing additional restrictions like limiting app usage upon jailbreak detection.
We found jailbreak detection to be pointless way back in 2019 when we first wrote about it. But what changed over the years? Can the iPhone be jailbroken as easily as before? Is it still important to add jailbreak checks to apps? We’ll answer these questions and provide an overview of the topic from today’s perspective.
The state of today’s jailbreaking community
If you try searching topics such as “how to jailbreak iPhone,” you’ll mostly be offered sketchy websites filled with even sketchier ads, only to realize that most of them are still stuck in the iOS 15 era when jailbreaking was a thing and almost easy to do.
If you’re persistent in your research, you’ll eventually land on the popular subreddit r/jailbreak, where you can easily spend hours sifting through posts only to get the same advice: “Don’t update your iOS 14 or 15 operating system!” While there are some tools that claim to jailbreak newer versions like iOS 16, most of them only offer rootless jailbreaks (no root access; only limited access to the device’s file system) or semi-untethered jailbreaks (requiring you to connect your device to a PC and use a jailbreaking tool after each phone reboot).
One post that caught my attention was titled “Why is jb dead?” Most users in the comments agreed that the decline in jailbreaking’s popularity is largely due to Apple incorporating many of the once-desired features directly into iOS. For example, iOS 17 introduced sideloading.
In addition, many of the biggest names in the jailbreaking community have stopped developing new tools and even discontinued their existing ones, as newer OS versions and highly secure A- and M-series chips have made it nearly impossible to find vulnerabilities that could enable a jailbreak.
It probably also didn’t hurt that in 2022, Apple introduced its Security Bounty program with whopping rewards of up to $1 million. This likely pushed a number of researchers and developers out of the jailbreaking community and helped Apple patch more security vulnerabilities that could allow jailbreaking.
In summary, compared to the early years of jailbreaking, iOS 15 is hard to jailbreak; the available tools are complex and typically only provide partial access to the system, leaving most of it still secured. Jailbreaking iOS 16 is nearly impossible, and there is currently no reliable method to jailbreak iOS 17. With iOS 18 on the horizon, it is questionable whether jailbreaking will be fully possible or even worth the effort.
How Swift changed the game rules
A few years ago, we published our first article on the topic, Why Jailbreak Detection in iOS Apps Is Pointless. In it, we described several jailbreak detection methods and how attackers can bypass them by exploiting Objective-C’s dynamic nature, which relies on a messaging mechanism at runtime. Because Objective-C-based apps cannot be easily obfuscated, they are relatively easy to reverse engineer. As explained in the blog post, this makes it possible to inject malicious code during runtime.
A few years later, Swift is the most widely used programming language on iOS. The situation has changed because Swift works differently from Objective-C. By nature, Swift is a static language that doesn’t rely on messaging and can be obfuscated. This means that the method for bypassing jailbreak detection mechanisms described in our previous article is no longer applicable to Swift. However, the main conclusion from that post remains just as relevant:
While the process described above might seem simple, it by no means implies that iOS apps lack security. Building truly secure apps includes far more than implementing a simple jailbreak check, and a threat that would justify the effort of blocking app usage based on jailbreak detection would have to be substantial and take copious amounts of work to devise.
How to handle jailbreak detection today
Now that we understand how broadly available jailbreaking is (or isn’t), the question is: what should we do with our apps, and how are we handling this issue with the apps we are developing?
The first line of defense against jailbreaking is ensuring your app and operating system are up to date. Using the latest SDKs provided by Apple significantly enhances app security, and the key factor in this security is the inability to jailbreak the device. By setting the minimum supported iOS version as high as possible—ideally, the current version plus no more than two previous versions—you reduce the chances that the app will be run on a jailbroken device to nearly zero.
This is why we currently recommend our clients set the minimum supported iOS version to iOS 16. With the upcoming release of iOS 18, “current + max 2” will soon mean iOS 16, 17, and 18.
For example, in one of our ongoing projects, simply by setting the minimum version to iOS 16, we get only 15 out of 4,800 users (0.3%) with jailbroken devices, and those users are well aware of what they’re doing, given how difficult jailbreaking iOS 16 is. Once iOS 18 is released, and if we raise the minimum supported version to iOS 17, the likelihood of any users having jailbroken devices will be virtually nonexistent.
Generally, when we’re dealing with this issue on our projects, besides employing some common jailbreak detection methods, we also try to determine if any debugger or proxy is connected to the device. In such cases, we stop the app’s execution, as this indicates a high-risk scenario where the attacker may have greater control over both the OS and the app.
Besides, if we keep in mind that jailbreak detection methods are still the same as in the early days (checking whether a file can be written to a protected directory, whether a forbidden app is installed on the device, etc.) and that these checks are not always effective, taking further measures is possible but unnecessary, as they won’t meaningfully increase the app’s security.
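As an added example (not the post’s own code), here is how the approach described above might look in Swift: a debugger check through sysctl’s P_TRACED flag, a system-proxy check through CFNetwork, the two classic jailbreak indicators, and a decision that terminates only in the high-risk case. The cydia:// scheme, the /private probe path and the LSApplicationQueriesSchemes requirement are assumptions of this example, not something the post prescribes.

```swift
import Foundation
import CFNetwork
import UIKit

// Added example (not the original post's code): the runtime checks described above,
// wired to the post's policy: stop on a debugger or proxy, only flag a jailbreak.
enum AppAction { case terminate, proceedFlagged, proceed }

/// Debugger check: ask the kernel for our own process entry and test P_TRACED.
func isDebuggerAttached() -> Bool {
    var info = kinfo_proc()
    var size = MemoryLayout<kinfo_proc>.stride
    var mib: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()]
    guard sysctl(&mib, UInt32(mib.count), &info, &size, nil, 0) == 0 else { return false }
    return (info.kp_proc.p_flag & P_TRACED) != 0
}

/// Proxy check: an HTTP proxy host or a PAC URL in the system network settings.
func isProxyConfigured() -> Bool {
    guard let settings = CFNetworkCopySystemProxySettings()?.takeRetainedValue()
            as? [String: Any] else { return false }
    let host = settings[kCFNetworkProxiesHTTPProxy as String] as? String ?? ""
    let pac = settings[kCFNetworkProxiesProxyAutoConfigURLString as String] as? String ?? ""
    return !host.isEmpty || !pac.isEmpty
}

/// The classic indicators the post lists: a sandbox escape and a known jailbreak app.
/// Best effort only; canOpenURL answers solely for schemes in LSApplicationQueriesSchemes.
func jailbreakIndicators() -> [String] {
    var found: [String] = []
    let probe = "/private/jb_probe_\(UUID().uuidString)"   // constructed probe path
    if (try? "x".write(toFile: probe, atomically: true, encoding: .utf8)) != nil {
        found.append("writable /private")
        try? FileManager.default.removeItem(atPath: probe)
    }
    if let url = URL(string: "cydia://package"), UIApplication.shared.canOpenURL(url) {
        found.append("cydia:// scheme")
    }
    return found
}

/// Decision policy from the post: terminate only in the high-risk case,
/// never solely because the device looks jailbroken.
func assessRuntime() -> AppAction {
    #if DEBUG
    return .proceed        // a debugger is expected while developing in Xcode
    #else
    if isDebuggerAttached() || isProxyConfigured() { return .terminate }
    return jailbreakIndicators().isEmpty ? .proceed : .proceedFlagged
    #endif
}
```

Call assessRuntime() early in app start-up on the main thread (canOpenURL requires it) and treat .proceedFlagged as a signal to log or report, not to block.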
There’s more to security than jailbreak detection
To conclude, adding that extra layer of security to an app is okay, but we shouldn’t restrict app usage based solely on detecting a jailbroken device. Not only does this degrade the user experience without offering meaningful security benefits, but it also prevents more advanced users from using their devices as they see fit, which suggests a “lazy” approach to security.
Finally, we must remember that, with enough resources and determination, any protection can be broken, and we should not rely only on jailbreak detection or app integrity checks. Securing an app is a far more complex process that includes security measures on both the backend and the frontend.
And, as always, if you need any help raising your security posture, you can check out our cybersecurity services.