Apple has quietly disabled the jailbreak detection API in iOS 4.2, leaving device management vendors in awe, according to various reports. The respective API (application programming interface) was present in a bundle of mobile device management (MDM) APIs introduced by Apple in June with iOS 4.0.In a nutshell, the jailbreak detection API allowed MDM applications like AirWatch or Sybase's Afaria ask the iPhone operating system if it had been tampered with.
"We used it when it was available, but as an adjunct," said Sybase vice president of engineering Joe Owen,
according to AppleInsider citing a Network World
report.
"I'm not sure what motivated their removing that....I've not had anyone [at enterprise customer sites] talk to me about this API being present or being removed," Owen added.
However, using an API-based query still wasn’t stopping the jailbreaks, according to the Sybase man.
"It's an interesting concept - asking the OS to tell you if it has been compromised," Owen said, according to Network World.
"Because a smart attacker might first change that very part of the OS. Jailbreaks often get better and better at disguising the fact that anything has been compromised."
Jeremy Allen, principal consultant with Intrepidus Group, explained that the API in effect either lies about or is simply unaware of the hack.
"[I]t may be feasible to detect jailbreaks of a specific version or type, but they will still be trapped in the cat and mouse game they play with jailbreakers," said Allen.
"Whatever they add [in the OS] to detect the jailbreak, if it is to be queried from the iOS kernel, it must be accessible and have the ability to be changed. Meaning, if it is going to be a useful detection method it can also be circumvented. It is a fairly intractable problem to solve 100%," Allen concluded.
Find us on Google+
