
For sensitive mobile apps such as banking applications, it is recommended to detect whether the device is jailbroken and prevent the application from working on that device.

But there are tools such as "Flex 3" on Cydia which allow users to bypass this protection by changing the Boolean value (jailbreak status) to True or False, thereby allowing the app to run on a jailbroken device.

What possible techniques can be employed to prevent bypass of jailbreak detection techniques?

Nitin_Ramesh
  • http://resources.infosecinstitute.com/ios-application-security-part-23-jailbreak-detection-evasion/#gref Here's a little article that explains some workarounds being tricked by a tool like Cydia. – sir_k May 02 '18 at 11:16
  • Thank you for mentioning that article; it is so helpful. – Dody Rachmat Wicaksono Jan 06 '19 at 04:00

1 Answer


I am pretty sure there are no reliable methods to detect jailbreak/root. And I would not recommend locking out users. My bank, for example, had me accept responsibility in case my account gets hacked as a result of having a rooted device, and that is IMO the reasonable thing to do. Trying to stop users from doing what they want to do is neither nice, nor will it ever work, as they will find ways around it.

Also consider this: having a jailbroken iPhone is similar to having Unknown Sources enabled on an Android, and while it is less secure, you would not block such users on Android.

Peter Harmann
  • While it is similar, I think that on Android you can allow "Unknown Sources" without access to root, while in jailbroken mode, there is access to root privileges. This makes it far more dangerous, not to mention the access to restricted directories as well. – Nitin_Ramesh May 04 '18 at 03:34
  • @Nitin_Ramesh If it is true that a jailbreak provides substantially higher privileges, then it is arguably more dangerous than root, because users that root usually understand the risk, while a jailbreak's main purpose is to allow "unknown sources", so many people, including me, don't think much about the privileges. According to this, however, a jailbreak does not provide full root privileges: https://www.quora.com/If-I-jailbreak-an-iPhone-can-I-have-same-level-of-privileges-as-an-rooted-Android-phone – Peter Harmann May 04 '18 at 07:06
  • It isn't of any use to restrict such things, as any computer grants more privileges to programs than a jailbroken smartphone grants to its apps. If your security depends on the integrity of a single device, you're out of luck. That's why banks use TAN generators these days. – allo Jun 28 '18 at 12:00