Just to be more specific, I would like to know more about the system files that can be accessed with regard to a jailbroken phone.

From what I understand, each iOS application has its own sandbox. A phone has root access once it is jailbroken, allowing the creation of 3rd-party system applications which result in accessing the system files. However, if I am not wrong, the sandbox is still there, just with fewer restrictions, hence allowing access to system files? (Not sure about this part either.)

So for a jailbroken phone, what kind of critical system files are we able to access from our created application that will go through the sandbox, and which are not accessible from an unjailbroken phone? Is the contact list part of the critical system files, although I believe we are still able to get the contact list without a jailbroken phone using the Address Book frameworks?

I may be wrong, but my term "critical system files" refers to system information that normal users would not like others to get hold of, so I was thinking whether the contact list is part of it even though it does not require a jailbroken phone.

user2541163

1 Answer

Without taking Tweaks into consideration, an app is able to read/write/execute in the root directory /. Tweaks are able to do whatever they want (just like the app would, even an Apple pre-installed app), depending on where they are hooking. For example, a tweak I was working on for MobileSMS (the SMS app) can give me the passcode of your iCloud account stored in the keychain by default.

Long story short, a jailbreak equals zero security for an average user. On the other hand, there is only one exploit (at least to my knowledge) currently that attacked iOS and came from GeorgiaTech a few months ago, hidden in an app on the App Store.

Panagiotis
  • So is it right to say that with a jailbroken phone, the sandbox is still there but the app can execute code that requires root access, such as sending spam SMS? – user2541163 Nov 27 '13 at 23:01
  • Also, it would be good if you could list some examples of some information that a jailbroken phone can read that an unjailbroken one cannot. Thanks – user2541163 Nov 27 '13 at 23:22
  • Unfortunately I am on mobile, or I could send some sample code. There are tons though if you google for sources! An example of access is that an app on a jailbreak can read/write the `/var/mobile/Library/SMS/sms.db` SQLite file that contains your SMS messages, whereas the sandbox would have prevented it. Moreover, since you mentioned SMS, an app with the correct entitlement (a fake signature), importing the CoreTelephony private framework, is able to send SMS messages! – Panagiotis Nov 28 '13 at 10:25
  • iOS includes the same inter-process communication functionality that OS X does (`NSDistributedNotificationCenter`, XPC, et al), so apps/tweaks can communicate with an unrestricted process such as SpringBoard (manager of the home screen, app switcher, etc.) to do the work that the sandbox would usually disallow. An example is the library Sandcastle, which enables reading/writing files outside of the sandbox (however it was made with good intentions, e.g. for browser download managers). Apple relies on the App Store approval process to prevent these APIs from being used. – kirb Nov 28 '13 at 23:46
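The answer and comments above say that a jailbroken device lets a third-party app read/write `/` and read `/var/mobile/Library/SMS/sms.db`, paths an intact sandbox denies. An app can turn that into a runtime self-check: probe those paths and treat any success as evidence that the sandbox is not enforcing its policy. The following is an added example written for this page, not code from the answerer or from any named project; it uses plain POSIX calls (`open`, `mkstemp`, `unlink`), which is what an iOS app would call under the hood, and the probe list in `main` is an assumption built from the paths named above.

```c
/* Sandbox-integrity probe (added illustration). Any probe that
 * succeeds means the process can reach a path the app sandbox should
 * deny, e.g. because the device is jailbroken. POSIX only. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if path can be opened for reading, else 0. */
int can_read(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* Returns 1 if a new file can be created inside dir, else 0.
 * The probe file is unlinked again so the check leaves no trace. */
int can_write_in(const char *dir) {
    char tmpl[1024];
    int n = snprintf(tmpl, sizeof tmpl, "%s/.sbx_probe_XXXXXX", dir);
    if (n < 0 || n >= (int)sizeof tmpl) return 0;   /* path too long */
    int fd = mkstemp(tmpl);
    if (fd < 0) return 0;
    close(fd);
    unlink(tmpl);
    return 1;
}

/* Counts how many of the given read paths and write directories are
 * reachable. Inside an intact sandbox the expected result is 0. */
int sandbox_violations(const char *const *read_paths, size_t nr,
                       const char *const *write_dirs, size_t nw) {
    int hits = 0;
    for (size_t i = 0; i < nr; i++) hits += can_read(read_paths[i]);
    for (size_t i = 0; i < nw; i++) hits += can_write_in(write_dirs[i]);
    return hits;
}

int main(void) {
    /* Probe list assumed from the discussion above: the SMS database
     * and the root directory that the sandbox should keep off-limits. */
    const char *files[] = { "/var/mobile/Library/SMS/sms.db" };
    const char *dirs[]  = { "/" };
    int hits = sandbox_violations(files, 1, dirs, 1);
    printf("%d sandbox probe(s) succeeded%s\n", hits,
           hits ? ": sandbox is NOT intact" : "");
    return 0;
}
```

A non-zero count is a signal, not proof: a tweak hooking the app can make these calls lie, so treat the result as one input to a risk decision rather than a hard gate.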