How to Protect iOS Apps From Jailbreak Bypass/ Hiding Tools
Learn 3 easy steps to Protect iOS Apps against Jailbreak Bypass and Jailbreak Hiding tools such as JailProtect, Liberty Lite, TweakRestrictor, KernBypass, and FlyJB.
What is iOS Jailbreaking?
Jailbreaking is the process of unlocking the iOS operating system on an Apple mobile device. Jailbreaking is a form of administrative privilege escalation, which bypasses Apple’s restrictions, resulting in full administrative control over the OS (the highest level of administrative privilege possible). Jailbreaking is often accomplished by exploiting bugs in Apple’s software/firmware or modifying system kernels to allow read and write access to the file system. Jailbreaking is one of the primary methods/tools for every hacker – both black hat hackers and white hat hackers (eg: penetration testers or security researchers). They all use Jailbreaking in similar ways (to compromise the security model of mobile devices, the operating system, and any app running on the device). The main difference is that black hat hackers have malicious intent, while white-hat hackers generally have non-malicious intent.
Here are the Top 5 reasons people Jailbreak iOS/ iPhones
- To bypass Apple’s restrictions and install software Apple doesn’t support or sanction.
- To change the behavior of the OS in ways that Apple does not support
- Developers Jailbreak iOS to access and or modify the file system, test new app builds, install a wider variety of software programs to test their app to validate the security model of their app, etc
- Gamers or hackers Jailbreak iOS to access alternative app stores like Cydia or Sileo. These repositories allow for the installation of game mods, tweaks, cheat tools, and more advanced hacking tools.
- Pen testers and Hackers Jailbreak iOS to gain an advantage in compromising the security model, to expose weaknesses in mobile app protections, to disable anti-tampering or other security protections, to turn off security SDKs that have been hard-coded to the app.
Whatever the intent, Jailbreaking makes every hacker’s job much easier by providing a significant advantage to compromise the security model, due to the elevated level of privilege and full administrative control that Jailbreaking enables. You can think of Jailbreaking as a ‘gateway’ hacking tool: In other words, Jailbreaking is a fundamental hacking tool that enables more advanced hacking tools or methods. For instance, jailbreaking makes it easier to use emulators and simulators to hack mobile games. Jailbreaking provides unfettered access to alternative repositories like Cydia, where one can obtain any number of tweaks, mods, fake apps, clones and. more. Jailbreaking makes it easier to disable anti-tampering protections, turn off digital rights management checks, to disable mobile threat detection SDKs in the source code. Jailbreaking makes it easier to run a tool like FRIDA to perform dynamic code injection, function hooking, method swizzling (all methods by which hackers alter the logical control flows of a mobile app to replace intended app behaviors with their own malicious behaviors). Jailbreaking makes it easier to hack in-app purchases, to disable mobile advertising SDKs, to set-up a malware beacon inside the app.
Bottom line: Jailbreaking compromises the mobile security model. It enables hackers to send fake signals, to modify code, to modify the file system, to disable security protections. Any iOS app that runs on a Jailbroken device is in a vulnerable state, where hackers can amplify and increase the magnitude of their attacks – all with less effort.
What is Jailbreak Bypass (aka Jailbreak Hiding)?
Hackers use Jailbreak Bypass and Jailbreak Hiding tools to evade Jailbreak detection/protections. As mentioned above, Jailbreaking makes it easier to hack iOS apps and to compromise the mobile security model. So if a mobile app is protected with Jailbreak detection or Jailbreak protection, hackers will try to either bypass the protection or hide the fact that the device is Jailbroken. If they can evade detection, then they can operate in a Jailbreak state longer (doing whatever activity they used Jailbreak to achieve in the first place): such as play the game for free longer, or use more advanced or automated tools like emulators to modify in-app purchases, use FRIDA to inject malicious code, to use IDA-Pro to create a call graph to trace the app’s source code, to modify app workflows, or send fake signals to unsuspecting users to make their attacks seem more legitimate/credible.
Hackers combine Jailbreak tools with Jailbreak bypass tools to kill two birds with one stone. For example, hackers combine the use of Jailbreak tools like CheckRa1n, Unc0ver, Zylon, PlankFilza, Chimera, etc, (which they use to Jailbreak iOS), alongside special-purpose Jailbreak Bypass or Jailbreak hiding tools like FlyJB, JailProtect, Liberty Lite, TweakRestrictor, KernBypass. The first set of tools is used to achieve Jailbreak state, while the second set of tools is used to conceal the fact that the device is Jailbroken or to bypass Jailbreak protection/detection mechanisms in the app.
Below is a non-exhaustive list of some of the top Jailbreak, Jailbreak bypass/hiding tools, and how hackers combine those tools for maximum effect.
|Jailbreaking tool||Jailbreak Bypass/Hiding Tool|
|PlankFilza (iOS file system manager)||TweakRestrictor|
How to Protect iOS Apps against Jailbreak and Jailbreaking Hiding Tools
Appdome Jailbreak Prevention enables an iOS app to protect itself against Jailbreaking and Jailbreak Hiding. You can use Appdome to build Jailbreak Prevention into any iOS app – without coding. When the Appdome-secured app detects that it’s running on a Jailbroken device the app will shut itself down (default behavior) after displaying a message to the mobile user. This protects that app, user, and mobile data from being compromised or attacked by a malicious actor using Jailbreaking.
3 Easy Steps to Protect iOS apps against Jailbreaking, Jailbreak Bypass, Jailbreak Hiding
Please follow these 3 easy steps to add Jailbreak Prevention to any iOS app, which automatically protects iOS apps against the most common Jailbreak bypass and jailbreak hiding tools.
- Upload an iOS App to Appdome’s no code security platform (.ipa)
- In the Build Tab, under Security, Select Jailbreak Prevention (shown below)
- Click Build My App
Appdome’s Jailbreak Prevention automatically protects mobile apps against the most common combinations of Jailbreak and Jailbreak hiding tools and combinations.
Congratulations! The app can now defend itself against Jailbreaking and Jailbreak Hiding/Bypass tools.
Appdome’s no-code mobile app security platform offers mobile developers, DevSec and security professionals a convenient and reliable way to protect Android and iOS apps with RASP (Runtime Application Self-Protection), such as Jailbreak Prevention. When an Appdome user clicks “Build My App,” Appdome leverages a microservice architecture filled with 1000s of security plugins, and an adaptive code generation engine that matches the correct required plugins to the development environment, frameworks, and methods in each app.
Here’s what you need to build secured apps with
- Appdome account (If you don’t have an Appdome account, create a free Appdome account here)
- Mobile App (.ipa for iOS)
- Signing Credentials (e.g., signing certificates and provisioning profile)
No Coding Dependency
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
How to Learn More
Other KB articles on preventing jailbreak bypass tools:
Check out the full menu of features in the Appdome Mobile Security Suite
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.