Mobile Jailbreak Detection (iOS)
O que é Mobile Jailbreak Detection (iOS)?
Mobile Jailbreak Detection (iOS)Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement.
Mobile jailbreak detection is the iOS counterpart to Android root detection. An iOS app inspects its running environment at sensitive moments to estimate whether the device has been jailbroken and therefore whether the app sandbox and Keychain assumptions still hold. Common heuristics include filesystem checks for `/Applications/Cydia.app`, `/Applications/Sileo.app`, `/Applications/Zebra.app`, `/usr/sbin/sshd`, and other Cydia Substrate paths; openURL probing for `cydia://`, `sileo://`, `filza://`; checking whether the app can write outside its sandbox (e.g. to `/private/foo.txt`); detecting suspicious dyld libraries (`MobileSubstrate`, `frida-gadget`); fork() returning success (jailbroken iOS allows it, sandboxed apps cannot); and signing-entitlement / signer-identity checks. As with Android root detection, all of these can be defeated by sophisticated tweak tools (Liberty, Shadow, A-Bypass, hideJB), so modern apps combine local heuristics with App Attest server-side verification — App Attest will not produce a valid attestation on a jailbroken or simulated device. OWASP MASVS resilience controls treat jailbreak detection as a defense-in-depth signal, not a perimeter.
● Exemplos
- 01
A payment app fails App Attest provisioning when run on a jailbroken iPhone, and its backend refuses to enrol the device — invisibly, without scaring the user.
- 02
An anti-fraud SDK reports a 'jailbreak likely' signal in its risk score after seeing both a Cydia file present and an unsigned dyld library loaded into the process.
● Perguntas frequentes
O que é Mobile Jailbreak Detection (iOS)?
Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement. Pertence à categoria Segurança móvel da cibersegurança.
O que significa Mobile Jailbreak Detection (iOS)?
Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement.
Como funciona Mobile Jailbreak Detection (iOS)?
Mobile jailbreak detection is the iOS counterpart to Android root detection. An iOS app inspects its running environment at sensitive moments to estimate whether the device has been jailbroken and therefore whether the app sandbox and Keychain assumptions still hold. Common heuristics include filesystem checks for `/Applications/Cydia.app`, `/Applications/Sileo.app`, `/Applications/Zebra.app`, `/usr/sbin/sshd`, and other Cydia Substrate paths; openURL probing for `cydia://`, `sileo://`, `filza://`; checking whether the app can write outside its sandbox (e.g. to `/private/foo.txt`); detecting suspicious dyld libraries (`MobileSubstrate`, `frida-gadget`); fork() returning success (jailbroken iOS allows it, sandboxed apps cannot); and signing-entitlement / signer-identity checks. As with Android root detection, all of these can be defeated by sophisticated tweak tools (Liberty, Shadow, A-Bypass, hideJB), so modern apps combine local heuristics with App Attest server-side verification — App Attest will not produce a valid attestation on a jailbroken or simulated device. OWASP MASVS resilience controls treat jailbreak detection as a defense-in-depth signal, not a perimeter.
Como se defender contra Mobile Jailbreak Detection (iOS)?
As defesas contra Mobile Jailbreak Detection (iOS) costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.
Quais são outros nomes para Mobile Jailbreak Detection (iOS)?
Nomes alternativos comuns: Jailbreak detection, iOS jailbreak check.
● Termos relacionados
- mobile-security№ 630
Jailbreak (iOS)
Processo de contornar a assinatura de codigo e o sandbox da Apple num iPhone ou iPad para instalar software nao aprovado pela Apple.
- mobile-security№ 780
Mobile Root Detection (Android)
Defensive checks an Android app runs to determine whether it is executing on a rooted device — typically by probing for su binaries, Magisk files, busybox, dangerous build properties, or hardware-attested integrity verdicts.
- mobile-security№ 062
Apple App Attest
Apple's iOS / iPadOS / tvOS / watchOS attestation service that lets an app prove to its backend that it is the genuine, App-Store-signed binary running on a real Apple device with Secure Enclave protection.
- mobile-security№ 772
Seguranca de aplicacoes moveis
Pratica de projetar, desenvolver e testar aplicacoes iOS e Android para proteger dados do utilizador, impedir engenharia reversa e resistir a manipulacao em tempo de execucao.
- mobile-security№ 481
Frida Dynamic Instrumentation
An open-source dynamic instrumentation toolkit by Ole André Vadla Ravnås that lets researchers hook, trace, and rewrite functions inside running processes on Android, iOS, Windows, macOS, and Linux — the de facto tool for mobile app reverse engineering and bypass research.
- compliance№ 871
OWASP MASVS
Mobile Application Security Verification Standard da OWASP, conjunto base de requisitos de seguranca testaveis para aplicacoes moveis iOS e Android.