Six months after introducing an API to help enterprise and security applications tell if the OS has been compromised, Apple has disabled or removed the “jailbreak detection” method from iOS 4.2, Network World reports. The unannounced discontinuation was noticed by device-management vendors but will not affect their ability to detect compromised iOS devices, they say.
Third-party MDM vendors had created their own utilities to check for jailbreaks, but Apple’s jailbreak detection API granted MDM applications direct access to iOS system information.
“We used it when it was available, but as an adjunct,” said Sybase vice president of engineering Joe Owen. “I’m not sure what motivated their removing that…. I’ve not had anyone [at enterprise customer sites] talk to me about this API being present or being removed.”
The API was part of a set of mobile device management features incorporated into iOS 4. It essentially allowed applications to audit the OS to determine whether the system had been compromised, which is the usual way jailbreaking code is injected. Some vendors speculated that because the OS audit itself could theoretically also be compromised, the API would eventually become useless anyway.
“Whatever [Apple] adds [in the OS] to detect the jailbreak, if it is to be queried from the iOS kernel, it must be accessible and have the ability to be changed,” security consultant Jeremy Allen told Cox. “Meaning, if it is going to be a useful detection method it can also be circumvented. It is a fairly intractable problem to solve 100%.”
Although the API was useful for companies worried about the potential security risks jailbreaking poses, shutting it down won’t leave companies and developers out in the cold. There are other methods they can use to detect jailbroken devices, and in many cases those solutions are already in place. Apple hasn’t commented on its decision to pull the API. The move shouldn’t, however, be interpreted as Apple endorsing jailbreaking.