The latest update to Apple's iPhone software and developer tools removes a security feature that was put there just six months ago.
Apple has used its constant software updates to push back against those who jailbreak their iPhones. It June, it added a host of enterprise features to iOS 4.0, including a new API that could be used to detect when an iPhone was jailbroken. The API was made available mostly for security reasons, as it allowed third-party device management companies such as Sybase to help its own customers secure their corporate data.
When Apple introduced iOS 4.2.1 in November, the API was removed.
Speaking to NetworkWorld, Joe Owen, vice president of engineering at Sybase, said, "We used it when it was available, but as an adjunct. I'm not sure what motivated their removing that....I've not had anyone [at enterprise customer sites] talk to me about this API being present or being removed." Sybase provides businesses with a mobile device management platform called Afaria.
The API worked by asking the operating system of it had been compromised. In order to jailbreak an iPhone, the software tools that do it make a number of changes to the operating system. The API could be used to examine a set of these vital system files to see if they'd been changed.
"It's an interesting concept -- asking the OS to tell you if it has been compromised," Owen said to NetworkWorld. "Because a smart attacker might first change that very part of the OS. Jailbreaks often get better and better at disguising the fact that anything has been compromised."
Companies such as Sybase had developed their own tools to detect jailbreaks, but the jailbreak detection API made it a lot easier by giving enterprise device management developers direct access to the necessary parts of the operating system.
Once a jailbreak was detected, businesses using software such as Sybase's Afaria could employ a number of resources, such as clamming up the phone, disabling it, sending alerts to IT and so on. The threat, of course, is that jailbroken iPhones are more susceptible to malware.
Apple declined to comment on why the API was removed.
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join InformationWeek’s Lorna Garey and Mike Healey, president of Yeoman Technology Group, an engineering and research firm focused on maximizing technology investments, to discuss the right way to go digital.