
Detect Jailbroken iOS Device by Running Unsigned Executable

Currently, I'm trying to create a reusable objC security library for developers in my company to use. In this library I would like to have an API that detects if their iOS device is jailbroken. I noticed a clever response by GregH which is similar to what iBooks is doing; you run an unsigned version of an executable (iOS does upon startup of the app via the execve sys call), if it returns you know the device is jailbroken.

Question: Is it possible to package an executable in an iOS library and invoke it through some function? If so, what might be the best way to go about it?

Thanks for your help, kc

kc. asked Nov 04 '22 13:11


1 Answer

Last I checked, sandboxed apps can't even fork(). I'm not sure if they can call execve(). If they can't do either, then simply calling execve() ought to work.

I'm not sure how much jailbreaking interferes with this. It's possible to have a jailbreak that lets you run un-signed apps from un-signed apps but behaves normally if the caller is signed.

It's obviously possible to "package" an executable in a library: Just have static unsigned char const data [] = { ... };, write it to a file, chmod(), and try to exec it.

At the end of the day, though, this may be a disservice to your users. A Jailbroken phone doesn't mean your app has been pirated. Unless you know someone with a jailbroken phone who's willing to do some testing (and testing with different jailbreaks), you might be setting yourself up for "It just crashes!" reviews.

(And if it does crash, then someone will come along and crack your app. It's better to be discreet and monitor the "problem" before deciding whether it needs fixing.)

Jailbreaks happen more often than you think. I've added checks for MobileSubstrate to our automated crash-report-symbolicating script because we've seen it in a significant proportion of crashes. OTOH, the proportion of crashes where the app is installed into /Applications (which used to be traditional for cracked apps; perhaps it isn't anymore) is negligible.

tc. answered Nov 15 '22 07:11
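
The two crash-report checks the answer mentions (MobileSubstrate loaded into the process, app installed under /Applications) could look like the following. This is an added example, not the answerer's script; it assumes the text form of an iOS crash report with a "Path:" header and a "Binary Images:" section, and the sample reports, app name and UUIDs are constructed.

```python
import re

# A "Binary Images:" line: 0xSTART - 0xEND [+]name arch <uuid> /path/to/image
IMAGE_RE = re.compile(
    r"^\s*0x[0-9a-f]+\s+-\s+0x[0-9a-f]+\s+.*?<[0-9a-f-]+>\s+(?P<path>/.*)$", re.I)
PATH_RE = re.compile(r"^Path:\s+(?P<path>/.*)$", re.M)

def triage(report: str) -> dict:
    """Flag jailbreak indicators in one iOS crash report (text form)."""
    paths, in_images = [], False
    for line in report.splitlines():
        if line.startswith("Binary Images:"):
            in_images = True
        elif in_images:
            m = IMAGE_RE.match(line)
            if m:
                paths.append(m.group("path").strip())
    m = PATH_RE.search(report)
    app_path = m.group("path").strip() if m else ""
    return {
        # MobileSubstrate was loaded into the crashed process
        "mobilesubstrate": any("/mobilesubstrate" in p.lower() for p in paths),
        # App installed system-wide rather than in the per-app sandbox directory
        "in_slash_applications": app_path.startswith("/Applications/"),
        "images": len(paths),
    }

# Constructed sample reports, trimmed to the fields the check reads.
SAMPLE_STOCK = """\
Process:         DemoApp [312]
Path:            /var/mobile/Applications/0000-CONSTRUCTED/DemoApp.app/DemoApp
Binary Images:
    0x1000 -     0x4fff +DemoApp armv7  <00000000000000000000000000000001> /var/mobile/Applications/0000-CONSTRUCTED/DemoApp.app/DemoApp
0x2fe00000 - 0x2fe25fff  dyld armv7  <00000000000000000000000000000002> /usr/lib/dyld
"""
SAMPLE_JB = """\
Process:         DemoApp [977]
Path:            /Applications/DemoApp.app/DemoApp
Binary Images:
    0x1000 -     0x4fff +DemoApp armv7  <00000000000000000000000000000001> /Applications/DemoApp.app/DemoApp
  0x5c000 -    0x5dfff  MobileSubstrate.dylib armv7  <00000000000000000000000000000003> /Library/MobileSubstrate/MobileSubstrate.dylib
0x2fe00000 - 0x2fe25fff  dyld armv7  <00000000000000000000000000000002> /usr/lib/dyld
"""

if __name__ == "__main__":
    for name, rep in (("stock", SAMPLE_STOCK), ("jailbroken", SAMPLE_JB)):
        print(name, triage(rep))
```

Counting these flags across all incoming reports gives the proportions the answer talks about without changing the app's behaviour on the device.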