
iOS jailbreaking

Jailbreaking refers to privilege escalation on an Apple device to remove software restrictions imposed by Apple on the iOS, iPadOS, tvOS, watchOS, bridgeOS and audioOS operating systems. Typically it is done by exploiting one or more vulnerabilities to gain code execution in the kernel and then applying a series of kernel patches that disable enforcement of those restrictions. A jailbroken device permits root access within the operating system and provides the opportunity to install software not available through the iOS App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners against attempting to achieve root access through exploitation of vulnerabilities.

Jailbreaking is sometimes compared to rooting an Android device, but the concepts differ. Jailbreaking bypasses several distinct Apple restrictions at once: it modifies the operating system (which Apple protects with a locked bootloader), it allows installation of applications not approved for the App Store (sideloading), and it grants the user elevated, administrator-level privileges (rooting). On Android these are separate capabilities, and rooting covers only the last of them.

Motivation

One of the reasons for jailbreaking is to expand the feature set limited by Apple and its App Store. Apple checks apps for compliance with its iOS Developer Program License Agreement before accepting them for distribution in the App Store. However, its reasons for banning apps are not limited to safety and security and may be regarded as arbitrary and capricious. In one case, Apple mistakenly banned an app by a Pulitzer-winning cartoonist because it violated the developer license agreement, which specifically bans apps that "contain content that ridicules public figures." To access banned apps, users rely on jailbreaking to circumvent Apple's censorship of content and features. Jailbreaking permits the downloading of programs not approved by Apple, such as user interface customizations and tweaks.

Device customization

Since software distributed through APT repositories or the legacy Installer.app is not required to adhere to App Store guidelines, many of these packages are not typical self-contained apps but extensions and customization options for iOS, its built-in features and other apps (commonly called tweaks). Users install them to personalize and customize the interface, to add desired features such as access to the root file system, to fix annoyances, and to make development work on the device easier by providing access to the filesystem and command-line tools. Many Chinese iOS device owners also jailbreak their phones to install third-party Chinese character input systems because they find them easier to use than Apple's.

In some cases, jailbreak features are adopted by Apple and used as inspiration for features that are incorporated into iOS.

Carrier unlocking

Jailbreaking also opens the possibility of using software to unofficially unlock carrier-locked iPhones so they can be used with other carriers. Software-based unlocks have been available since September 2007, with each tool applying to a specific iPhone model and baseband version (or to multiple models and versions). This includes the iPhone 4S, iPhone 4, iPhone 3GS and iPhone 3G models. An example of unlocking an iPhone through a jailbreak utility is Redsn0w: with it, users can create a custom IPSW and unlock their device, and during the unlocking process there are options to install Cydia and the iPad baseband.

Installation of malware

Computer criminals may jailbreak an iPhone to install malware or target jailbroken iPhones on which malware can be installed more easily. The Italian cybersecurity company Hacking Team, which sells hacking software to law enforcement agencies, advised police to jailbreak iPhones to allow tracking software to be installed on them.

Software piracy

On iOS devices, the installation of consumer software is generally restricted to installation through the App Store. Jailbreaking therefore allows the installation of pirated applications. It has been suggested that a major motivation for Apple to prevent jailbreaking is to protect the income of its App Store, including that of third-party developers, and to allow the build-up of a sustainable market for third-party software. However, the installation of pirated applications is also possible without jailbreaking, by abusing enterprise certificates to distribute modified or pirated releases of popular applications.

Cydia, a popular package manager installed on jailbroken devices

A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs. For jailbreaks, this is essential for the installation of third-party content. There are a few package managers specifically for jailbroken iOS devices, of which the most popular are Cydia, Sileo, Zebra and Installer 5.

Repositories

Most package managers for iOS jailbreaking are built on a decentralized model that allows users to install packages from any source on the internet. Every jailbreak and package manager ships with a set of default repositories (repos). As of unc0ver v3.5.1, this default list includes BigBoss, Dynastic Repo, Hashbang/Chariz, ZodTTD and ModMy (the latter two are mostly obsolete and remain for archival purposes). Because packages from a repo are installed by dpkg with root privileges, adding a repo means trusting its operator completely.
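Cydia-style repos are ordinary Debian/APT repositories: a `Packages` index of control-format stanzas listing each .deb's `Filename`, `Size` and hashes. As an added example (not code from Cydia, Sileo, Zebra or any other package manager on this page), the following Python parses such an index and verifies a downloaded .deb against it, failing closed when an entry publishes only an MD5. The index text, package identifiers, package bytes and hashes are constructed for the demo.

```python
"""Parse an APT-style Packages index and verify a .deb against it.

Added example, not code from Cydia, Sileo, Zebra or any other package manager.
The index, package identifiers, bytes and hashes below are constructed."""
import hashlib


def parse_packages_index(text):
    """Parse a Packages index into {package_id: {field: value}}.

    Stanzas are separated by blank lines. A line beginning with a space or
    tab continues the previous field (multi-line Description).
    """
    packages, current, last_field = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            if "Package" in current:
                packages[current["Package"]] = current
            current, last_field = {}, None
            continue
        if line[0] in " \t" and last_field:
            current[last_field] += "\n" + line.strip()
            continue
        field, _, value = line.partition(":")
        last_field = field.strip()
        current[last_field] = value.strip()
    if "Package" in current:
        packages[current["Package"]] = current
    return packages


def verify_deb(index, package_id, deb_bytes):
    """True only if deb_bytes matches the index entry's Size and SHA256.

    An entry with no SHA256 (MD5sum only, as older repos publish) fails
    closed rather than being accepted on a weak hash.
    """
    entry = index.get(package_id)
    if entry is None or "SHA256" not in entry:
        return False
    if "Size" in entry and int(entry["Size"]) != len(deb_bytes):
        return False
    return hashlib.sha256(deb_bytes).hexdigest() == entry["SHA256"].lower()


# Constructed stand-in for a downloaded .deb; the index hashes below are
# derived from it so the happy path verifies.
GOOD_DEB = b"constructed stand-in for a .deb archive\n"

SAMPLE_INDEX = f"""\
Package: com.example.tweak
Version: 1.2.0
Architecture: iphoneos-arm
Filename: debs/com.example.tweak_1.2.0_iphoneos-arm.deb
Size: {len(GOOD_DEB)}
MD5sum: {hashlib.md5(GOOD_DEB).hexdigest()}
SHA256: {hashlib.sha256(GOOD_DEB).hexdigest()}
Depends: mobilesubstrate
Description: Hypothetical tweak (constructed sample)
 Continuation line of the long description.

Package: com.example.legacy
Version: 0.9
Architecture: iphoneos-arm
Filename: debs/com.example.legacy_0.9_iphoneos-arm.deb
Size: {len(GOOD_DEB)}
MD5sum: {hashlib.md5(GOOD_DEB).hexdigest()}
Description: Entry that publishes only an MD5 (constructed sample)
"""


if __name__ == "__main__":
    index = parse_packages_index(SAMPLE_INDEX)
    print(verify_deb(index, "com.example.tweak", GOOD_DEB))            # True
    print(verify_deb(index, "com.example.tweak", GOOD_DEB + b"\x00"))  # False
    print(verify_deb(index, "com.example.legacy", GOOD_DEB))           # False
```

The hash check only proves the download matches what the index described. If the index itself was fetched over plain HTTP, or the repo's `Release` file is not signed and checked, whoever controls the index controls both the package and its published hash, which is the real trust decision a user makes when adding a third-party repo.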

Comparison to Android rooting

Jailbreaking of iOS devices has sometimes been compared to "rooting" of Android devices. Although both concepts involve privilege escalation, they differ in scope.

Android rooting and jailbreaking are similar in that both grant the device owner superuser, system-level privileges, which may then be delegated to one or more apps. However, unlike iOS phones and tablets, nearly all Android devices already offer an option to sideload third-party apps without installing them from an official source such as the Google Play store. Many Android devices also allow owners to modify or even replace the entire operating system after unlocking the bootloader.

In contrast, iOS devices are engineered with security features including a locked bootloader that the owner cannot unlock in order to modify the operating system without violating Apple's end-user license agreement. And on iOS, until 2015, while corporations could install private applications onto corporate phones, sideloading unsanctioned third-party apps onto iOS devices from sources other than the App Store was prohibited for most individual users without a paid developer membership. After 2015, the ability to install third-party apps became free for all users; however, doing so requires a basic understanding of Xcode and of compiling iOS apps, and apps signed with a free account's provisioning profile expire after seven days and must be re-signed.

Jailbreaking an iOS device to defeat all of these security restrictions presents a significant technical challenge. As on Android, alternative iOS app stores are available; on iOS they rely on enterprise certificates, and they offer modified or pirated releases of popular applications and games, some of which were previously released through Cydia or are unavailable on the App Store because they do not comply with Apple's developer guidelines.
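Both this section and the software piracy section above describe enterprise certificates being used to distribute apps outside the App Store. The following added Python (not code from Apple or from any of the stores mentioned) shows how a practitioner can tell from an IPA's embedded.mobileprovision whether it was signed for in-house enterprise distribution (`ProvisionsAllDevices`), for an explicit device list (`ProvisionedDevices`, development or ad hoc), or carries no profile at all. The IPA fixtures, team name, team identifier and device UDID are constructed; the CMS envelope around the plist is a fake byte prefix that is skipped, not verified.

```python
"""Classify how an IPA was signed by reading embedded.mobileprovision.

Added example, not code from Apple or from any store mentioned on the page.
All fixture data below is constructed."""
import io
import plistlib
import zipfile
from datetime import datetime, timezone


def extract_profile_plist(blob):
    """Pull the XML plist out of a CMS-wrapped .mobileprovision blob.

    The DER/CMS signature envelope around the plist is skipped, not verified:
    this reports what the profile claims, not whether Apple really issued it.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < start:
        raise ValueError("no plist payload inside provisioning profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify_profile(profile, now=None):
    """Map provisioning-profile keys to a distribution type.

    ProvisionsAllDevices -> enterprise in-house distribution (any device)
    ProvisionedDevices   -> development (get-task-allow) or ad hoc
    neither              -> App Store distribution profile
    """
    # plistlib returns naive UTC datetimes, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"
    elif "ProvisionedDevices" in profile:
        entitlements = profile.get("Entitlements", {})
        kind = "development" if entitlements.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    expiry = profile.get("ExpirationDate")
    return {
        "kind": kind,
        "team": profile.get("TeamName"),
        "team_id": (profile.get("TeamIdentifier") or [None])[0],
        "device_count": len(profile.get("ProvisionedDevices", [])),
        "expired": bool(expiry and expiry < now),
    }


def inspect_ipa(ipa_bytes, now=None):
    """Locate Payload/<name>.app/embedded.mobileprovision and classify it."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        for name in z.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app")
                    and parts[2] == "embedded.mobileprovision"):
                return classify_profile(extract_profile_plist(z.read(name)), now)
    # App Store downloads normally ship without an embedded profile.
    return {"kind": "none", "team": None, "team_id": None,
            "device_count": 0, "expired": False}


# Constructed fixtures. The prefix imitates the start of a CMS signedData
# envelope; it is not a real signature.
FAKE_CMS_PREFIX = b"\x30\x82\x10\x00\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"

ENTERPRISE_PROFILE = {
    "Name": "Example In-House",
    "TeamName": "Example Corp (constructed)",
    "TeamIdentifier": ["ABCDE12345"],            # constructed team ID
    "ProvisionsAllDevices": True,
    "ExpirationDate": datetime(2030, 1, 1),
    "Entitlements": {"get-task-allow": False,
                     "application-identifier": "ABCDE12345.com.example.app"},
}

DEV_PROFILE = {
    "Name": "Example Development",
    "TeamName": "Example Corp (constructed)",
    "TeamIdentifier": ["ABCDE12345"],
    "ProvisionedDevices": ["00008030-000000000000000E"],   # constructed UDID
    "ExpirationDate": datetime(2020, 1, 1),                # already expired
    "Entitlements": {"get-task-allow": True},
}


def build_sample_ipa(profile=None):
    """Build a minimal IPA in memory; profile=None mimics an App Store build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Example.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": "com.example.app"}))
        if profile is not None:
            z.writestr("Payload/Example.app/embedded.mobileprovision",
                       FAKE_CMS_PREFIX + plistlib.dumps(profile) + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for label, prof in [("enterprise", ENTERPRISE_PROFILE),
                        ("development", DEV_PROFILE), ("store", None)]:
        print(label, inspect_ipa(build_sample_ipa(prof)))
```

An app classified as `enterprise` that arrived from anywhere other than the named team's own distribution channel is exactly the abuse pattern described above; a real check would additionally verify the CMS signature chain to Apple and compare `TeamIdentifier` against the team that actually owns the app.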

Jailbreaking tools

Types of jailbreaking tools


Many different types of jailbreaks have come out over the years, differing in how and when the exploit is applied.

Untethered Jailbreak

When a jailbroken device boots, it initially loads Apple's own kernel; the device is then exploited and the kernel patched every time it is turned on. An untethered jailbreak is one that needs no outside assistance to do this on reboot: the kernel is patched without the help of a computer or an on-device application. These jailbreaks take a significant amount of reverse engineering to create and have therefore become much less common, with none supporting recent iOS versions.

Tethered Jailbreak

A tethered jailbreak is the opposite of an untethered one: a computer is required to boot. Without a computer running the jailbreaking software, the iOS device will not boot at all. While using a tethered jailbreak, the user can still restart or kill the device's SpringBoard process without rebooting. Many early jailbreaks were initially offered as tethered jailbreaks.

Semi-tethered Jailbreak

This type of jailbreak allows a user to reboot the phone normally, but upon doing so the jailbreak and any modified code are effectively disabled, because the device is running an unpatched kernel. Any functionality independent of the jailbreak still works as normal, such as making a phone call, texting or using App Store applications. To run a patched kernel and modified code again, the device must be booted with the help of a computer.

Semi-untethered Jailbreak

This type of jailbreak is like a semi-tethered jailbreak in that after the device reboots it no longer has a patched kernel, but the key difference is that the kernel can be re-patched without a computer. This is usually done by an application that stays installed on the unjailbroken device and re-runs the exploit. This type of jailbreak has become increasingly popular, with most recent jailbreaks classified as semi-untethered.
