4

Possible Duplicate:
How do I detect that an SDK app is running on a jailbroken phone?

I see there are many ways to detect which device is jailbroken in xcode. How do I detect that an iOS app is running on a jailbroken phone?

I'm undestanding that: I don't want jailbroken device access to my app, so I put my detection code to my project, so all jailbroken device can't use it.

But a lot of paid app can install in jailbroken device (Angry Bird, Fruit Ninja...). Do I missunderstand, or there are some special reason so they don't do this (they want their app is popular...), or before app can be installed in jailbroken device, code of this app can be changed a little (I don't think so)?

Beside this, I see a lot of answer for question "How to detect that device is jailbroken" in this link above. I've found this: http://www.interiders.com/2011/10/26/enable-directv-to-work-on-jailbroken-ipad/

So, what is the best solution for detecting jailbroken device?

Community
  • 1
  • 1
cat
  • 357
  • 1
  • 5
  • 14
  • 1
    Is your question how to detect it or why people don't detect it? – icktoofay Oct 15 '12 at 04:09
  • If the question is *how* then it is a duplicate, if the question is *why* then it is off-topic/not constructive. – Fabrício Matté Oct 15 '12 at 04:11
  • 1
    There is no reason to keep your app from running on a jailbroken device. Just because the device is jailbroken doesn't mean your app was stolen or hacked. People do jailbreak their devices for reasons other than piracy. If you are worried about piracy and you want to waste your time playing cat and mouse with the pirates, then spend your time checking for a cracked app, not a jailbroken device. – rmaddy Oct 15 '12 at 04:12
  • 1
    If I wrote iPhone apps, the first thing I'd do would be to jailbreak an iPhone. I certainly wouldn't discourage others from doing it. – paddy Oct 15 '12 at 04:12
  • 2
    Tons of people jailbreak their devices for various reasons.. wifi hotspots or whatever.. a majority of them still pay for apps! You probably don't want to stop someone who buys your app on a jailbroken device to have it not work , right? – Alan Oct 15 '12 at 04:15
  • There's also a consideration that static binary analysis of some techniques to test if a phone has been jailbroken might appear to Apple to be attempts to jailbreak. Why add the risk of being rejected, while also limiting your audience? – user3486184 Mar 22 '19 at 17:30

1 Answers1

13

Why [don't] (all) great apps use “Detect jailbreak feature” to limit user[s] from their app?

Because why would you intentionally restrict your target market? Money from advertising, app sales, and in-app purchases that comes from jailbroken devices is just as real as the money that comes from non-jailbroken devices. So why would you throw your hand up and say "I want less money"?

What you may legitimately want to do is prevent piracy of your app. But detecting a jailbroken device isn't the same thing as detecting a pirated copy of your app. A jailbroken device can still install apps without pirating them.

Besides, generally speaking there's no 100% foolproof way to prevent piracy, apart from not publishing a desirable app. You'd do better if you focus on making an awesome app that everyone wants and most people pay for, and not worrying about the handful of pirates out there.

As for the "best" way to detect a jailbroken device, the question you linked to has lots of good suggestions:

How do I detect that an iOS app is running on a jailbroken phone?

...try some of them, and see which works best for you.

Community
  • 1
  • 1
aroth
  • 54,026
  • 20
  • 135
  • 176
  • You do this if your app contains some kind of information that you want to keep secure. On a jailed device, there are a number of security features that iOS supports that can give your information a high level of security. On a jailbroken device, many of those features are easily subverted. It's completely rational to say "our app contains sensitive data. if you want to use it, you must use a device with its OEM security measures intact". That's why. – Nate Jul 16 '14 at 22:01
  • @Nate - I think you're only getting the illusion of security in that case. For instance, someone could install and run your app _before_ jailbreaking their device, and then after the jailbreak is applied go in and access any information your app has stored. Without running the app again and giving it a chance to see that the device is now jailbroken. I'd suggest that if the app contains/manages sensitive information then it must take _its own_ steps to secure that information (at-rest encryption, for instance) instead of (or in addition to) relying upon the OS for security. – aroth Jul 16 '14 at 23:25
  • What if the sensitive information is *transient* (like an access token that expires)? Jailbreaking at a minimum requires several minutes to perform (which might time out a banking session, for example), a reboot, and hence a restart of all processes. That's not an illusion. Security is not a boolean condition. There are a continuum of levels of security, and having a jailbroken phone subverts several of those levels. Pretending there's no reason to do something like this (what the OP asked) always garners lots of up votes from coders eager to hear that they can just ignore security. – Nate Jul 19 '14 at 07:23
  • @Nate - Isn't it 'ignoring security' to rely upon the OS's security features? It seems unwise to assume that 'the OS does not _seem_ to be jailbroken, therefore I'll rely on its sandboxing implementation to keep my data safe'. All I'm saying is that if you have something that must be kept secure, you ought to secure it _yourself_ as opposed to counting on the OS to secure it for you. If you've taken appropriate measures to secure your own data, what protection the OS is/is not providing becomes much less relevant. – aroth Jul 19 '14 at 07:50