Apple has disabled, without explanation, a jailbreak detection API in iOS less than six months after introducing it. Device management vendors say the reasons for the decision are a mystery, but insist they can use alternatives to discover if an iPhone, iPod Touch, or iPad has been modified so they can load and modify applications outside of Apple's iTunes-based App Store.
Apple declined to comment.
The new API was part of a bundle of MSM (mobile device management) APIs released in June with iOS 4.0. These APIs were available to third-party MDM applications, such as AirWatch or Sybase's Afaria. With the new APIs, these servers could access directly a range of features and information in iOS or on the device. But in the recently-released 4.2 version, the API intended for detecting jailbreaks has been either removed or disabled.
This detection API let the MDM applications in effect ask the operating system if it had been compromised. Jailbreak exploits typically change a number of operating system files, and exploit one or another low-level OS features to let users directly load their own or third-party applications. In October 2010, two separate jailbreaks made use of different vulnerabilities uncovered in the iOS boot ROM, for example. Apple warns that jailbreaking voids the device's warranty and could damage the phone.
Previously, some MDM vendors had created their own series of OS checks to detect jailbreaks, analogous to those performed by an anti-virus application on a PC, to discover if a jailbreak had occurred.
But the new detection API gave these applications direct access to information in the OS. In theory, the iOS device then "confesses" that it has been jailbroken, thereby triggering automatic responses such as alerting the helpdesk or shutting down access to corporate Exchange Server e-mail.
"We used it when it was available, but as an adjunct," says Joe Owen, vice president of engineering at Sybase, which offers the Afaria device management software. "I'm not sure what motivated their removing that.... I've not had anyone [at enterprise customer sites] talk to me about this API being present or being removed."