iPhone users can choose from 1.5 million official apps. But for some, that’s not good enough. To add a personal touch and enjoy their device to the fullest, they alter the OS to bypass standard settings and restrictions. A myriad of apps and configuration tweaks become available through alternative app stores. However, jailbreaking also removes the strict security that Apple built into iOS.
Thinking of jailbreaking your new iPhone? Here’s everything you need to know.
Potentially Harmful Apps
Jailbreaking your iPhone will take you from Apple’s safe, controlled environment to an exciting, yet risky place, where malicious, unauthorized apps may reside. The danger is real – some 200,000 Apple users had their Apple credentials stolen by an iOS malware dubbed “KeyRaider,” targeting only jailbroken iOS devices.
Jailbreaking began in 2007-2008, when early iPhone adopters craving more apps started installing third-party tools like AppSnapp and ZiPhone. These gave them root-level access to the iOS file system and manager (unrestricted rights and permissions to all files) to install additional apps or tweaks – from UI hacks (like adding the five-icon dock or the Android-like-switching) to unofficial apps (like classic console emulators). As rebellious as it sounds, jailbreaking’s biggest problem is that it disables the “sandboxing” feature of iOS, an essential piece of the operating system’s security architecture. Sandboxing ensures third-party apps access only certain pieces of user data and of the OS so apps can’t normally flip through an address book, photos or location data without the user’s knowledge. Disabling sandboxing, however, lets apps access your data without asking for permission.
Jailbroken devices can also allow governments to tap into your device. The notorious Hacking Team, the company specialized in hacking-as-a-service, could silently hijack jailbroken iOS devices.
Late security updates
After you’ve jailbroken your iPhone or iPad, you can’t update iOS without reverting to the un-jailbroken default mode. Besides this annoying fact, sometimes you have to wait days or weeks before an updated jailbreak toolkit becomes available.
It’s not all about you
As personal as it may seem, this decision can have a major impact inside an organization. In a corporate environment, if a vulnerable device connects to a company-owned network, it can become a gateway for intrusions.
To help avoid breaches, an enterprise BYOD policy would need to ban the use of jailbroken phones. And since most malware needs to be manually installed, companies also need to educate users about the personal and business risks associated with a rooted or jailbroken device.
However, if you decide to “free” your device, remember to:
Change your root password. Root is the iPhone’s administrator account, and it provides access to everything on the phone. But everybody knows Apple’s default root password, so anyone with knowledge in connecting via SSH can easily access the contents of your iPhone wirelessly. It’s best to change it as soon as possible.
Update your mobile user password, too. This is the regular user account on the device.
Be careful what apps and software you trust. Download apps from reputable sources to reduce the chances of getting infected.
Jailbreaking is a two-edged sword so, before taking any action, think about it: are you trading security for convenience?