Security tips for mobile application developers – Jailbreak Detection and Root Detection
Jailbreaking and rooting of mobile devices is a pretty common practice depending on the circles you travel in. Amongst my geeky friends, having a jailbroken or rooted device is probably the case around 90% of the time. That number would be higher if it wasn’t for some of my hipster buddies walking around with 1998 Motorola StarTACs. Globally, depending on whose stats you believe, somewhere around 10 percent of iOS devices are jailbroken and 27% of Android devices are rooted. It’s virtually impossible to prevent rooting and jailbreaking. If it could be done without causing technical or political issues, I’m sure Google and Apple would have done it. So when it comes to jailbreaking and rooting, prevention isn’t the key; jailbreak detection and root detection are.
Why jailbreak or root your mobile device
Jailbreaking has a long history going back to pre-2008, when Apple didn’t have an AppStore. If you wanted “cool stuff” you had to look outside Apple, or else you were relegated to running everything over a browser. I know, right – yuck. Today, there are many reasons people jailbreak or root their mobile devices. Just philosophically gaining greater control over a personally owned device could be a driver. Increasing performance, tweaking the UI or, in the case of iOS, expanding the places where they can download apps from are all common motivations.
Jailbreaking and rooting from a policy perspective
Jailbreaking for iOS and rooting for Android allow users, and sometimes malware, to elevate privileges and access on mobile devices. This can introduce a higher level of risk. Organizations often have policies to disallow access or alert when mobile devices that are jailbroken or rooted interact with their assets. From a practical perspective, most developers and organizations opt to alert a user or administrator if a jailbroken or rooted device is detected rather than exiting the app.
A note about Pegasus
For this attack to work, an attacker simply sends an SMS message with a link to malware to a targeted iPhone. If the iOS version is 9.3.4 or lower, it’s vulnerable, and if the user clicks on the link, the malware is automatically downloaded and installed.
The malware jailbreaks the mobile device. It does this by taking advantage of three zero-day vulnerabilities. This allows the malware to gain access to information such as chat, mail, calendar and social media. It then sends the details to the attacker. Pegasus can even be used to turn on the mobile device’s microphone and eavesdrop on conversations. For a detailed report on Pegasus, check out a great piece Michael Heller wrote for SearchSecurity, “Pegasus iOS exploit uses three zero days to attack high-value targets.”
Appdome’s jailbreak detection and root detection
What I really like about Appdome’s approach to jailbreaking and rooting is that your app can be fused with a definable policy. We don’t do simple jailbreak detection and root detection. We offer you different options for response. Exiting the app upon jailbreak detection or root detection is one option, but since blocking all jailbroken or rooted devices isn’t practical in many situations, there are alternative options. Instead of blocking, the user and/or administrator can be notified upon detection. But your app’s protection can go further than detecting and responding to jailbroken or rooted devices.
Jailbreak detection and root detection are just two of multiple free Appdome security features that can be selected when you build your app. Appdome offers other protections that I’ve blogged about such as anti-tampering and checksum verification that give your app an increased level of security, even when operating on a jailbroken or rooted device.
When you select the features you would like to build into your app from Appdome, you can pick root detection in the case of Android or jailbreak detection in the case of iOS. You can even disallow your fused app from running if the user has enabled “Allow app install from unknown sources” on their mobile device.
In addition to setting a policy-based response to jailbreak and root detection, Appdome includes a multi-layered approach to actually detect that a device has been jailbroken or rooted. These detection capabilities include access violation detection, integrity checks and run-time checksumming. Used by itself or in conjunction with other Appdome security features, this can increase the overall security of your app while also providing a framework that allows you to set a response based on organizational policies such as – notify the user and administrator if the app is operating on a jailbroken or rooted device.
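To make the idea of layered detection plus a policy-based response concrete, here is an added example that is not Appdome’s code and not part of the original post. It uses a few widely known root heuristics (a su binary on disk, a test-keys build) plus the “unknown sources” setting mentioned above; the class, enum and method names are hypothetical, and the device values are passed in as constructed inputs so it runs on any JVM.

```java
import java.io.File;
import java.util.*;

// Added example (not Appdome code): layered root signals mapped to a policy response.
public class RootPolicyDemo {
    enum Signal { SU_BINARY, TEST_KEYS_BUILD, UNKNOWN_SOURCES }
    enum Response { ALLOW, NOTIFY_USER, NOTIFY_ADMIN, EXIT_APP } // ordered by severity

    // Locations commonly checked for a su binary on rooted Android devices.
    static final String[] SU_PATHS = {
        "/system/bin/su", "/system/xbin/su", "/sbin/su", "/su/bin/su"
    };

    // Layer 1: file system. Layer 2: build tags. Layer 3: device setting.
    // buildTags and unknownSources are parameters (an assumption of this sketch);
    // on Android, buildTags would come from android.os.Build.TAGS.
    static EnumSet<Signal> collect(String buildTags, boolean unknownSources) {
        EnumSet<Signal> found = EnumSet.noneOf(Signal.class);
        for (String p : SU_PATHS) {
            if (new File(p).exists()) { found.add(Signal.SU_BINARY); break; }
        }
        if (buildTags != null && buildTags.contains("test-keys")) {
            found.add(Signal.TEST_KEYS_BUILD);
        }
        if (unknownSources) found.add(Signal.UNKNOWN_SOURCES);
        return found;
    }

    // The policy is data: each signal maps to the response the organization chose.
    // The most severe response among the detected signals wins.
    static Response decide(Set<Signal> found, Map<Signal, Response> policy) {
        Response worst = Response.ALLOW;
        for (Signal s : found) {
            Response r = policy.getOrDefault(s, Response.NOTIFY_USER);
            if (r.ordinal() > worst.ordinal()) worst = r;
        }
        return worst;
    }

    public static void main(String[] args) {
        // Constructed policy: alert on root indicators, exit only on unknown sources.
        Map<Signal, Response> policy = new EnumMap<>(Signal.class);
        policy.put(Signal.SU_BINARY, Response.NOTIFY_ADMIN);
        policy.put(Signal.TEST_KEYS_BUILD, Response.NOTIFY_USER);
        policy.put(Signal.UNKNOWN_SOURCES, Response.EXIT_APP);

        // Constructed inputs standing in for values read from a device.
        System.out.println(decide(collect("release-keys", false), policy));
        System.out.println(decide(collect("test-keys", false), policy));
        System.out.println(decide(collect("release-keys", true), policy));
    }
}
```

Because the response lives in the policy map rather than in the detection code, switching from “exit” to “notify” is a configuration change, not a rewrite of the checks.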
Thanks for reading! This blog is part of a series focused on security tips for mobile application developers. While it’s not intended to be an exhaustive analysis of security issues or Fusion, it’s my intent to use this blog series as a platform to help mobile application developers become more security-aware. I hope you found this information useful.