Feeds

Apple pulls jailbreak detection API

Knowing the known unknowns

Intelligent flash storage arrays

Apple has dropped support for the API that allows applications to ask if an iOS device has been jailbroken, though it seems that not a lot of people trusted it anyway.

The API was only introduced six months ago, but according to Infoworld has now disappeared or been disabled, leaving vendors of security products reliant on their own techniques to find out if a particular iOS device has been hacked open – which, it turns out, they were doing anyway as no one trusted the OS's word on the matter.

Jailbreaking is something owners of iOS devices do if they want to install applications they've developed themselves, applications of which Apple doesn't approve, or pirated applications for which they'd prefer not to pay... The Jailbreaking community is divided roughly along those lines, though many of the latter like to think of themselves as the former. In June, Apple updated the Mobile Devices Management API, which included a simple query allowing an application to ask the OS if it had been jailbroken: the API asked the OS to check various key indicators and report back, allowing the application to take appropriate steps.

That's more important in a corporate setting, where keyboard-sniffing software might be installed on a jailbroken device to intercept passwords or other corporate data. A simple check built into the corporate VPN or email client would render that impossible, assuming the API could be trusted.

Which is rather the problem – once the device is jailbroken, nothing the OS says can be trusted, so secure-client vendors already perform various checks of their own, which vary between vendors and gain some (limited) security through obscurity.

Those secure client vendors will end up racing the hackers, patching their own clients as the hackers create jailbreaks that forge credentials – but Apple has obviously decided that having a single API available on every iOS device was too big a target to defend. ®

Security for virtualized datacentres

More from The Register

next story
TEEN RAMPAGE: Kids in iPhone 6 'Will it bend' YouTube 'prank'
iPhones bent in Norwich? As if the place wasn't weird enough
Consumers agree to give up first-born child for free Wi-Fi – survey
This Herod network's ace – but crap reception in bullrushes
Crouching tiger, FAST ASLEEP dragon: Smugglers can't shift iPhone 6s
China's grey market reports 'sluggish' sales of Apple mobe
Sea-Me-We 5 construction starts
New sub cable to go live 2016
New EU digi-commish struggles with concepts of net neutrality
Oettinger all about the infrastructure – but not big on substance
EE coughs to BROKEN data usage metrics BLUNDER that short-changes customers
Carrier apologises for 'inflated' measurements cockup
Comcast: Help, help, FCC. Netflix and pals are EXTORTIONISTS
The others guys are being mean so therefore ... monopoly all good, yeah?
Surprise: if you work from home you need the Internet
Buffer-rage sends Aussies out to experience road rage
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.