

Apple quietly drops iOS jailbreak detection API - elblanco
https://www.networkworld.com/news/2010/121010-apple-ios-jailbreak.html

======
extension
Obviously it's pointless to trust a device to tell you if it can be trusted or
not, but it's going to take a while for the enterprise market to figure this
out. They want badly for it to be possible and there are plenty of huckster
develpers out there to tell them what they want to hear.

What will make it especially hard to accept is that they've had nothing but
BlackBerries for a good decade now and that platform _can_ more or less be
trusted, but only because it's never been rooted. And the only reason it's
never been rooted is because nobody really cares.

Really, I think IT will just have to adapt to the idea that a smartphone is a
personal device and can only be trusted as much as its user, and it lives
outside the firewall. It's probably for the best anyway because phones _are_
very personal and I would find it creepy to carry one around that was
controlled by my employer.

~~~
stcredzero
_can more or less be trusted, but only because it's never been rooted_

Actually, I'd assume that there are a few Blackberries are rooted and have
rootkits on them. That's just too useful to not exploit. Someone doing
industrial espionage or law enforcement has probably already done this.

------
teilo
"Jailbroken devices pose a serious security threat to the enterprise. Even if
the end user doesn't intend to load malware, he will be completely unaware of
malware present in unauthorized apps."

This implies that the walled garden, by definition, is more secure. Non
sequitur. One could argue that the opposite is true:

1) The walled garden is implicitly trusted. This naturally will mean many
companies assuming that the applications which Apple approves need no further
security review. Apples review is demonstrably far from perfect. One might
even call it arbitrary.

2) If companies could create their own "app store" with only reviewed apps,
this would be much more secure than Apple's walled garden. This is possible on
a jailbroken device with a customized system image.

~~~
alanh
I can’t disagree with you enough. Taking the standard meaning of “jailbroken”,
your examples don’t actually work. The whole point is, you _don’t_ just
install “trusted” apps from any source, be it the App Store or your
hypothetical corporate whitelist, to a jailbroken iPhone. It _is_ a security
problem for an enterprise.

A jailbroken iPhone poses a risk in much the same way a Windows PC poses a
risk — that’s why IT forces everyone to run McAfee. Jailbroken phones will
also need malware detection!

~~~
jodrellblank
I can't tell if you're joking or not, but smartphone antivirus software does
exist: <http://www.kaspersky.co.uk/kaspersky_mobile_security>

~~~
Xuzz
That's not for iPhone.

------
juiceandjuice
I've always figured that Apple is lazy about fixing holes with jailbreaking
their devices because it's the best way to unofficially support devs and
development.

For example, if you want to do any sort of real automated app black box
testing for QA purposes, you really have jailbreak your phone.

------
duskwuff
None of the links in the article are useful. Does anyone know what this
supposed API is (and, better yet, link to Apple's documentation on it)?

~~~
btn
It's part of a set of tools for management of iOS devices for enterprises.
There was a session on MDM at WWDC, and a bit of information about the system
in this PDF: <http://images.apple.com/iphone/business/docs/iPhone_MDM.pdf>

------
fleitz
I bet most of the enterprises that are concerned about jailbroken iOS devices
being a threat to their security are the enterprises that force IE6 and its
security panacea upon their employees.

~~~
epochwolf
I happen to work for a company looking at iPads. I can tell you there is
concern about jailbroken devices. My team and the art department uses macs and
everyone else uses pcs with up to date copies of XP with IE8 and Firefox.
Firefox is the recommended browser for internal use.

~~~
Xuzz
However, for those who still use the original iPhone, jailbreaking is the
/only/ way to avoid a remote, browser-initiated, publicly available
vulnerability. :(

