2

Considering the iOS apps which are to be used by general public (transfer money, booking tickets, chat, video etc):

  • Is there a way so that an app can't be installed on a jailbroken device?
  • If an app is made such that it doesn't run on a jailbroken apple device, is it a good security measure? E.g. will deep file system and binary analysis be stopped?
  • Can Apple control which apps can't run on jailbroken devices?
Anders
  • 64,406
  • 24
  • 178
  • 215
one
  • 1,781
  • 3
  • 18
  • 45
  • how is that a security question? why ask so many questions without proper line endings? what is it actually you want to know? No (security through obscurity is always bad) ? why do you want to choose for other people what they can and can not do? – LvB Jun 13 '16 at 10:11
  • 3
    How is this *not* a security question? – Anders Jun 13 '16 at 10:27
  • My bad for not using the proper line endings. Thanks _@Anders_ for the edits. My concern here is that most of the apps used for iOS pentesting can be installed on jail broken devices only. So if an app doesn't run on JB devices, isn't it making it more secure? – one Jun 13 '16 at 10:33
  • @Anders its not a security question because once a phone is jailbroken, all bets are off, everyone knows that, and everyone knows that people who jailbreak their phones are idiots and there's only so much you can do to protect people against their own stupidity ! If they've already taken the time to jailbreak their phones, then they'll probably bypass any blocks on your "no install on jailbroken" software too. – Little Code Jun 13 '16 at 10:49
  • @LittleCode That sounds more like an attempt at answering the original question than an attempt to explain why it is not on topic. – Anders Jun 13 '16 at 10:56
  • @Anders how is "Is there a way so that an app can't be installed on a jail broken device?" a Security question." it is on a Security broken device (as Little Code suggests) and its a question about operations, not the security. Any answer for that that does not come from apple is basically a answer that false under "product recommendation" and therefor out of scope for this website. – LvB Jun 13 '16 at 11:04
  • @Anders, I second what LvB said. Its out of scope for this website (or indeed any website discussing "information security") because once you've jailbroken you're pretty much saying "I dont' care about infosec". – Little Code Jun 13 '16 at 13:26

2 Answers2

2

I will attempt to put together an answer based on the comments.

In broad strokes, you're right that life would be better if apps with sensitive data refused to run on jailbroken devices. That said, the whole point of jailbreaking is to rip open the security features of the operating system and allow apps to have root access. Your question

Should an iOS app be allowed to run on jailbroken devices?

is kinda like asking

"Should valuable jewelry be allowed in my house after I've removed all the doors and windows?"

I mean, no, they shouldn't, but that's really your fault, not the jewelry's.

Is there a way so that an app can't be installed on a jailbroken device?

Can Apple control which apps can't run on jailbroken devices?

Only Apple can provide a proper answer to this, anything said here will be speculation. The short answer is: not really or not reliably.

Google "how to detect a jailbroken iphone" and you'll fined a pile of articles and Stack Overflow questions which basically confirm that people do try to detect if their app is running on a jailbroken device, but it's a game of cat-and-mouse:

Like any other rootkit, the authors of jailbreak tools want to make it hard to detect whether or not the device is jailbroken. By trying to detect it, you're basically entering into an arms race with the rootkit authors.

Community
  • 1
Mike Ounsworth
  • 57,707
  • 21
  • 150
  • 207
1

This is a security control suggested by parties like OWASP, this will not stop deeper analysis but will surely make it harder. And since jailbroken/rooted devices have some of the security measures that were provided by the Os disabled they may increase the risk of data theft and compromise so some critical applications like financial ones detect jailbreak/root and stop working on such devices.

Silverfox
  • 3,369
  • 2
  • 19
  • 39