Mobile Jailbreak Detection (iOS)
Qu'est-ce que Mobile Jailbreak Detection (iOS) ?
Mobile Jailbreak Detection (iOS)Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement.
Mobile jailbreak detection is the iOS counterpart to Android root detection. An iOS app inspects its running environment at sensitive moments to estimate whether the device has been jailbroken and therefore whether the app sandbox and Keychain assumptions still hold. Common heuristics include filesystem checks for `/Applications/Cydia.app`, `/Applications/Sileo.app`, `/Applications/Zebra.app`, `/usr/sbin/sshd`, and other Cydia Substrate paths; openURL probing for `cydia://`, `sileo://`, `filza://`; checking whether the app can write outside its sandbox (e.g. to `/private/foo.txt`); detecting suspicious dyld libraries (`MobileSubstrate`, `frida-gadget`); fork() returning success (jailbroken iOS allows it, sandboxed apps cannot); and signing-entitlement / signer-identity checks. As with Android root detection, all of these can be defeated by sophisticated tweak tools (Liberty, Shadow, A-Bypass, hideJB), so modern apps combine local heuristics with App Attest server-side verification — App Attest will not produce a valid attestation on a jailbroken or simulated device. OWASP MASVS resilience controls treat jailbreak detection as a defense-in-depth signal, not a perimeter.
● Exemples
- 01
A payment app fails App Attest provisioning when run on a jailbroken iPhone, and its backend refuses to enrol the device — invisibly, without scaring the user.
- 02
An anti-fraud SDK reports a 'jailbreak likely' signal in its risk score after seeing both a Cydia file present and an unsigned dyld library loaded into the process.
● Questions fréquentes
Qu'est-ce que Mobile Jailbreak Detection (iOS) ?
Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement. Cette notion relève de la catégorie Sécurité mobile en cybersécurité.
Que signifie Mobile Jailbreak Detection (iOS) ?
Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement.
Comment fonctionne Mobile Jailbreak Detection (iOS) ?
Mobile jailbreak detection is the iOS counterpart to Android root detection. An iOS app inspects its running environment at sensitive moments to estimate whether the device has been jailbroken and therefore whether the app sandbox and Keychain assumptions still hold. Common heuristics include filesystem checks for `/Applications/Cydia.app`, `/Applications/Sileo.app`, `/Applications/Zebra.app`, `/usr/sbin/sshd`, and other Cydia Substrate paths; openURL probing for `cydia://`, `sileo://`, `filza://`; checking whether the app can write outside its sandbox (e.g. to `/private/foo.txt`); detecting suspicious dyld libraries (`MobileSubstrate`, `frida-gadget`); fork() returning success (jailbroken iOS allows it, sandboxed apps cannot); and signing-entitlement / signer-identity checks. As with Android root detection, all of these can be defeated by sophisticated tweak tools (Liberty, Shadow, A-Bypass, hideJB), so modern apps combine local heuristics with App Attest server-side verification — App Attest will not produce a valid attestation on a jailbroken or simulated device. OWASP MASVS resilience controls treat jailbreak detection as a defense-in-depth signal, not a perimeter.
Comment se défendre contre Mobile Jailbreak Detection (iOS) ?
Les défenses contre Mobile Jailbreak Detection (iOS) combinent habituellement des contrôles techniques et des pratiques opérationnelles, comme détaillé dans la définition ci-dessus.
Quels sont les autres noms de Mobile Jailbreak Detection (iOS) ?
Noms alternatifs courants : Jailbreak detection, iOS jailbreak check.
● Termes liés
- mobile-security№ 630
Jailbreak (iOS)
Procede consistant a contourner la signature de code et le sandbox d'Apple sur un iPhone ou iPad afin d'installer des logiciels non approuves par Apple.
- mobile-security№ 780
Mobile Root Detection (Android)
Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts.
- mobile-security№ 062
Apple App Attest
Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection.
- mobile-security№ 772
Sécurité des applications mobiles
Pratique consistant a concevoir, developper et tester des applications iOS et Android afin de proteger les donnees utilisateur, empecher la retro-ingenierie et resister a la manipulation en execution.
- mobile-security№ 481
Frida Dynamic Instrumentation
An open-source dynamic instrumentation toolkit by Ole André Vadla Ravnås that lets researchers hook, trace, and rewrite functions inside running processes on Android, iOS, Windows, macOS, and Linux — the de facto tool for mobile app reverse engineering and bypass research.
- compliance№ 871
OWASP MASVS
Mobile Application Security Verification Standard de l'OWASP, socle d'exigences de securite testables pour les applications mobiles iOS et Android.