Mobile Jailbreak Detection (iOS).

Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement. Относится к категории Мобильная безопасность в кибербезопасности.

Runtime checks an iOS app performs to determine whether the device has been jailbroken — looking for Cydia/Sileo/Zebra files, suspicious URL schemes, write access outside the sandbox, or App Attest disagreement.

Mobile jailbreak detection is the iOS counterpart to Android root detection. An iOS app inspects its running environment at sensitive moments to estimate whether the device has been jailbroken and therefore whether the app sandbox and Keychain assumptions still hold. Common heuristics include filesystem checks for `/Applications/Cydia.app`, `/Applications/Sileo.app`, `/Applications/Zebra.app`, `/usr/sbin/sshd`, and other Cydia Substrate paths; openURL probing for `cydia://`, `sileo://`, `filza://`; checking whether the app can write outside its sandbox (e.g. to `/private/foo.txt`); detecting suspicious dyld libraries (`MobileSubstrate`, `frida-gadget`); fork() returning success (jailbroken iOS allows it, sandboxed apps cannot); and signing-entitlement / signer-identity checks. As with Android root detection, all of these can be defeated by sophisticated tweak tools (Liberty, Shadow, A-Bypass, hideJB), so modern apps combine local heuristics with App Attest server-side verification — App Attest will not produce a valid attestation on a jailbroken or simulated device. OWASP MASVS resilience controls treat jailbreak detection as a defense-in-depth signal, not a perimeter.

Защита от Mobile Jailbreak Detection (iOS) обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Jailbreak detection, iOS jailbreak check.