2

So many security vendors and app providers warn us users against jailbreaking iOS devices. The fear mongering is often very dramatic. However I can't find real world examples of actual problems caused by jailbreaking. Have they all been covered up or is it all nonsense?

Specifically I'm interested in knowing whether all those media apps that refuse to run on jailbroken devices are actually really at risk. Can, for example, media downloaded for offline use from something like Spotify, BBC iPlayer, or Amazon Video be extracted and shared? I'm not looking for a how-to; just some proof that there's really something to be worried about for the third-party app providers that justifies the near hysteria presented in things like Europol's “MOBILE MALWARE - TIPS & ADVICE TO PROTECT YOURSELF” (dated 24th October 2016).

Anders
  • 64,406
  • 24
  • 178
  • 215
user12824
  • 21
  • 1
  • It's not clear if you are asking about problems for the content providers because you cite Spotify etc or if you are asking about problems for the users because you refer to information about malware. These are important differences because in the first case the owner of the device profits from jail breaking while in the last case he looses. – Steffen Ullrich Oct 30 '16 at 09:51
  • Thanks for the fast reply. I'm actually interested in both perspectives. When a device is jailbroken, is there a _real_ possibility for users to access stuff that developers don't want them to, or is it just theoretical? I'm not talking about the trivial stuff like jailbreak tweaks that let you change the name of the telephony provider. On a non-jailbroken device there's an assumption (perhaps misplaced) that my app's secrets are secure. When I jailbreak there are many claims that they're now insecure. I'm trying to find out whether there's substance to those claims. – user12824 Oct 30 '16 at 11:38
  • 1
    In this case I recommend to actually split your question into two more specific questions: I.e. one which asks why it might be dangerous for the user and one which asks why it might be a problem for a content provider. As it is know I consider it too broad. – Steffen Ullrich Oct 30 '16 at 12:01
  • I think there's merit in leaving it as a single question - anyone with thoughts on either context can leave replies. So far you're the only commenter and that's only to help refine the question (an important task, but administrative rather than fruitful). – user12824 Oct 30 '16 at 12:50
  • The issue is that jailbreak tools are mostly closed-source and sometimes of unknown or dubious origins, so it's not really a good idea to let such software obtain full root access to your device. – André Borie Oct 30 '16 at 13:00
  • 1
    @user12824: by keeping two mostly unrelated problems in a single question you just make it harder for somebody to give a good and comprehensive answer. If you have a look at this site you might notice that the aim is not to collect as much different feedback as possible in different answers but preferable to have one or only few answers which actually cover the whole question. – Steffen Ullrich Oct 30 '16 at 13:25
  • 1
    @user12824 this is a Q&A site where the goal is to be able to provide a single acceptable answer to questions. By co-mingling 2 different perspectives requiring 2 different answers, you make this question too broad. You can cover both perspectives by asking 2 questions ... – schroeder Oct 30 '16 at 14:40

1 Answers1

-1

There's actually no real harm caused to the end user by jailbreaking their device. The fear mongering that you speak about comes from software vendors who're worried that it might be possible for someone (I say 'possible'. Only read one report of someone reversing Spotify's content protection) to bypass the safety mechanisms that they have in place. For game developers this might mean preventing people from mining unlimited amounts of in-game cash, for small creators it might mean someone faking in app purchases to disable ads etc.

Can, for example, media downloaded for offline use from something like Spotify, BBC iPlayer, or Amazon Video be extracted and shared?

Short answer: Yes. Given enough resources and time. it'd be possible to reverse the protection for the content.

thel3l
  • 3,384
  • 11
  • 24
  • 1
    Saying that there is never any real harm in jailbreaking for the customer sounds like a strong statement to me. Do you have anything to back it up? (Not saying it is wrong - I am no expert in that area.) – Anders Oct 30 '16 at 19:46
  • My starting point is that anything technology wise is possible "given enough resources and time". I'm looking for real world examples, outside of a security researcher's lab, that such things have actually occurred. As per the title of this thread: does the FUD have merit? – user12824 Oct 31 '16 at 10:43
  • As I said in the line before that, yes. They have: – thel3l Oct 31 '16 at 15:19
  • http://moyix.blogspot.in/2014/07/breaking-spotify-drm-with-panda.html – thel3l Oct 31 '16 at 15:21