Mobile
Commentary
12/13/2010
09:03 AM
Eric Zeman
Eric Zeman
Commentary
Connect Directly
RSS
E-Mail
50%
50%

Apple Slices Jailbreak Detection API From iOS 4.2

The latest update to Apple's iPhone software and developer tools removes a security feature that was put there just six months ago.

Apple has used its constant software updates to push back against those who jailbreak their iPhones. It June, it added a host of enterprise features to iOS 4.0, including a new API that could be used to detect when an iPhone was jailbroken. The API was made available mostly for security reasons, as it allowed third-party device management companies such as Sybase to help its own customers secure their corporate data.

When Apple introduced iOS 4.2.1 in November, the API was removed.

Speaking to NetworkWorld, Joe Owen, vice president of engineering at Sybase, said, "We used it when it was available, but as an adjunct. I'm not sure what motivated their removing that....I've not had anyone [at enterprise customer sites] talk to me about this API being present or being removed." Sybase provides businesses with a mobile device management platform called Afaria.

The API worked by asking the operating system of it had been compromised. In order to jailbreak an iPhone, the software tools that do it make a number of changes to the operating system. The API could be used to examine a set of these vital system files to see if they'd been changed.

"It's an interesting concept -- asking the OS to tell you if it has been compromised," Owen said to NetworkWorld. "Because a smart attacker might first change that very part of the OS. Jailbreaks often get better and better at disguising the fact that anything has been compromised."

Companies such as Sybase had developed their own tools to detect jailbreaks, but the jailbreak detection API made it a lot easier by giving enterprise device management developers direct access to the necessary parts of the operating system.

Once a jailbreak was detected, businesses using software such as Sybase's Afaria could employ a number of resources, such as clamming up the phone, disabling it, sending alerts to IT and so on. The threat, of course, is that jailbroken iPhones are more susceptible to malware.

Apple declined to comment on why the API was removed.

Comment  | 
Print  | 
More Insights
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.