Jailbreak detection

Jailbreaking is the process of circumventing security measures of the operating system. This is usually performed by the users of a device to customize the device beyond what the manufacturer allows. However, some of the available jailbreak techniques can be used by malware to gain extended permissions on a device (most even without the user being aware of this).

Most jailbreaks today are installed by the user of the device as an app, which requests, and gains elevated privileges to root or kernel access. Similarly, some of the available jailbreak techniques can be used by malware to gain extended permissions on a device.

Since a jailbroken device has a higher risk of being compromised, it is important to know about it. Even if the vendor of an application chooses to allow execution on jailbroken devices, detecting whether the device is jailbroken or not is essential for further security measures to determine the threats to which an application may be exposed.

Jailbreak detection can be performed in several ways. Simplistic approaches only test for the existence of files in the file-system that are associated with a jailbroken device. However, the existence of several 'jailbreak hider' tools that are available on iOS shows how easy it is to bypass these detection tools. Jailbreak detection is inherently a "cat-and-mouse" game between new jailbreak techniques and jailbreak detection methods.

App Shielding, while also implementing these simplistic detection mechanisms performs detection on multiple levels ranging from these well-known approaches to cutting edge low-level mechanisms that are targeted more towards detecting the essence of a jailbreak.