
Well, the reason that the Cydia store doesn't work, and that Saurik wasn't included in the discussions, is starting to become clear. A Chinese company paid the evad3rs a rumored 1 million dollars for the jailbreak, forcing their own App Store onto the phone.

If the computer running the jailbreak has Chinese as the main language, then the Chinese 太极 (taiji) market app is installed. Cydia is available as an option, but it is deselected by default.

The default apps that get installed for Chinese users:


(via https://twitter.com/a_titkov/status/414778967070359552)

The install screen for Chinese users:


(via https://twitter.com/a_titkov/status/414777987989774336)

So, if you want to run a heavily obfuscated application that exploits your phone, disables application signing, and installs uid 0 processes running on your phone... sponsored by China, go ahead. (The jailbreak app is heavily protected so that competing Chinese companies can't replace the Taiji app store with their own. But who knows what else is in there?)

Wow. This changes a whole lot of things.

This is basically the worst-case scenario for Apple in terms of jailbreaks: For the first time, there's an unknown corporate actor calling the shots, and the high code-signing security of iOS 7 has backfired, causing this to be the only jailbreak on the market.

If this becomes anywhere near as popular as Evasi0n for iOS 6.1 (over 7 million downloads in its first few days), Apple will have not simply lost control of the platform to a bunch of power users, but to a well-funded entity with unclear motives.

Apart from trying some kind of political game in China to shut this down (I don't know how much pull they have there for this sort of thing), I see only one solution, which is to change the rules of the fight: Port Gatekeeper to iOS. Kill the market for jailbreaks altogether.

  > (over 7 million downloads in its first few days),
  > Apple will have not simply lost control of the
  > platform to a bunch of power users
How about checking the number of iOS devices sold, comparing it to your 7 million, and stopping the big claims about Apple losing control over the platform? I'd also argue that there are a lot fewer reasons to jailbreak iOS 7 compared to iOS 6.

Minor nitpick: "Port Gatekeeper to iOS" doesn't make much sense; the built-in FairPlay DRM and code signing stuff is already a "gatekeeper on steroids". It's exactly the type of protection that a jailbreak would work around.

Pretty sure that by "Port Gatekeeper to iOS" he's talking about giving the users the ability to choose whether or not to run signed (or unsigned) code that doesn't come from the AppStore, exactly like you have on the Mac (see the bottom of the "General" tab of "Security & Privacy" in System Preferences).
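The policy the reply above is describing, modelled in code as an added example (this is not code from the page, from Apple's Gatekeeper, or from the jailbreak): three user-selectable levels matching the Mac's Security & Privacy choices, one "store" key, a set of registered developer keys standing in for Developer ID certificates, and an Ed25519 signature over sha256(code) standing in for a real code signature and certificate chain. All names, keys and sample "binaries" are constructed for illustration, and the choice to refuse a binary whose signature fails to verify even under the "Anywhere" setting is the example's own, not something the thread states about Gatekeeper.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Policy is the user-selectable setting for which code may launch.
type Policy int
const (
	AppStoreOnly         Policy = iota // only code signed with the store key
	IdentifiedDevelopers               // store key or a registered developer key
	Anywhere                           // anything, provided any attached signature verifies
)
// Verdict classifies who vouched for a binary.
type Verdict int
const (
	Unsigned        Verdict = iota // no signature attached
	Tampered                       // signature present but does not verify over the code
	UnknownKey                     // valid signature from a key nobody vouches for
	StoreSigned                    // valid signature from the store key
	DeveloperSigned                // valid signature from a registered developer key
)
// App is a binary plus the signature and public key it ships with. A real code signature covers
// a code directory of page hashes and carries a certificate chain; here the bare key is the "cert".
type App struct {
	Name string
	Code []byte
	Sig  []byte
	Pub  ed25519.PublicKey
}
// Gatekeeper holds the policy and the keys it trusts (developer keys ~ Developer ID certificates).
type Gatekeeper struct {
	Policy     Policy
	storeKey   ed25519.PublicKey
	developers map[string]bool // keyed by raw public key bytes
}
func NewGatekeeper(p Policy, store ed25519.PublicKey, devs ...ed25519.PublicKey) *Gatekeeper {
	g := &Gatekeeper{Policy: p, storeKey: store, developers: map[string]bool{}}
	for _, d := range devs {
		g.developers[string(d)] = true
	}
	return g
}
func codeDigest(code []byte) []byte { h := sha256.Sum256(code); return h[:] }
// Sign is what a publisher runs over the binary before shipping it.
func Sign(priv ed25519.PrivateKey, code []byte) []byte { return ed25519.Sign(priv, codeDigest(code)) }
// Examine verifies the signature and decides who vouched for the code.
func (g *Gatekeeper) Examine(a App) Verdict {
	if len(a.Sig) == 0 || len(a.Pub) != ed25519.PublicKeySize {
		return Unsigned
	}
	if !ed25519.Verify(a.Pub, codeDigest(a.Code), a.Sig) {
		return Tampered
	}
	if bytes.Equal(a.Pub, g.storeKey) {
		return StoreSigned
	}
	if g.developers[string(a.Pub)] {
		return DeveloperSigned
	}
	return UnknownKey
}
// Allow applies the policy to the verdict. Refusing a Tampered binary even under Anywhere is this
// example's own choice: a broken signature means the code is not what its publisher shipped.
func (g *Gatekeeper) Allow(a App) bool {
	switch v := g.Examine(a); g.Policy {
	case AppStoreOnly:
		return v == StoreSigned
	case IdentifiedDevelopers:
		return v == StoreSigned || v == DeveloperSigned
	case Anywhere:
		return v != Tampered
	}
	return false // unknown policy value: fail closed
}

func main() {
	storePub, storePriv, _ := ed25519.GenerateKey(rand.Reader)
	devPub, devPriv, _ := ed25519.GenerateKey(rand.Reader)
	otherPub, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed sample binaries; the byte strings stand in for Mach-O images.
	apps := []App{
		{"StoreApp", []byte("store build"), Sign(storePriv, []byte("store build")), storePub},
		{"DevTool", []byte("dev build"), Sign(devPriv, []byte("dev build")), devPub},
		{"Sideload", []byte("unknown build"), Sign(otherPriv, []byte("unknown build")), otherPub},
		{"Patched", []byte("dev build, modified"), Sign(devPriv, []byte("dev build")), devPub},
		{"Script", []byte("no signature"), nil, nil},
	}
	for _, p := range []Policy{AppStoreOnly, IdentifiedDevelopers, Anywhere} {
		g := NewGatekeeper(p, storePub, devPub)
		for _, a := range apps {
			fmt.Printf("policy=%d %-9s verdict=%d allow=%v\n", p, a.Name, g.Examine(a), g.Allow(a))
		}
	}
}
```

Running it prints the verdict and decision for each sample binary under each of the three settings: only StoreApp passes under AppStoreOnly, DevTool joins it under IdentifiedDevelopers, and under Anywhere everything runs except the Patched binary whose signature no longer matches its code. The point of the thread's suggestion is the middle and last rows: the user, not the vendor, picks the level, which is exactly what iOS does not offer and what a jailbreak exists to work around.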

Oh, you're right. That argument makes much more sense!

Unfortunately though, I doubt we'll ever see Apple giving up control of its App Store. They'll patch this one and move on, like always, making future jailbreaks even more difficult to produce.

At least the major publicity around jailbreaks means Apple will take these vulnerabilities seriously and patch them quickly. Which is a very good thing for the security of regular users. Scary to think of how long 0-day vulns like these would stay alive if they weren't in such demand by tweakers.

I bet someone will reverse engineer this jailbreak to figure out what hole it uses and write one that is more open and/or installs Cydia by default.

Apple also will study it to find their security hole and close it in an OS update.

Just some additions:

- Taig[1] installs apps that run in the sandbox, not as root.

- The Taig app itself runs as root.

- Taig is removable if installed.

- Taig appears to contain a lot of copyrighted material.

- The evad3rs want to try to explain themselves[2]

[1] http://www.taig.com

[2] https://twitter.com/pod2g/status/414810704349499392

Apparently it also calls home with encrypted data: http://bbs.weiphone.com/read-htm-tid-7417919.html

Taig could install apps that run outside the sandbox, just like the apps that can be installed by Cydia. Taig is not removable; if you remove Taig, your iOS device will go into DFU mode (not safe mode).

Saurik did know about the Chinese company and tried to warn Evad3rs about piracy, but I read that Evad3rs thought that the app had nothing to do with piracy. [1]

(https://twitter.com/saurik/status/414836148737802240) (https://twitter.com/saurik/status/414836169218592769)


[1] "In our agreement with Taig, we contractually bind them to not have piracy in their store. This was an extremely important precondition of working with them." http://evasi0n.com/l.html

FWIW the evad3rs team responded:


I'm confused, nobody knows what's going on inside this jailbreak? People with enough technical knowledge to want to jailbreak will install something like that without it being open source?

I think you are overestimating the jailbreaking population. Most of the people I know who jailbreak have very little technical knowledge at all. They just want to change their font, or keyboard, or something else of that nature. In fact, not a single one of the people I know who actively jailbreak their phones probably even knows what "open source" means, let alone the importance thereof.

This sounds terrible. I just jailbroke my phone. What's the best path backwards?

Restore and wait for an open source jailbreak not compiled by scumbags.

Except that there is never going to be an open source jailbreak. If it were open source, then Apple would be able to easily see what exploits are being used and patch them. In the past, has there ever been an open source jailbreak?

Apple will find the exploits for binary-only jailbreaks, no problem. Also, there have been several source code releases for jailbreaks before, like https://github.com/comex/star_

The details of exploits used in jailbreaks have typically been released [0] or reverse-engineered [1], so open-source or not, Apple will typically fix them in the subsequent release.

[0] http://conference.hitb.org/hitbsecconf2013ams/materials/D2T1...

[1] http://blog.accuvant.com/bthomasaccuvant/evasi0n-jailbreaks-...

Erase all content and settings, then restore from your pre-jailbreak backup.
