Jailbreak Detection
Detection of jailbreak is a key RASP feature. An iOS device that has been jailbroken has its security violated. The iOS on a jailbroken device might be customized in many different aspects - the user interface might be adjusted, system behavior might be altered, system settings tweaked, system restrictions overridden, and unauthorized apps can be installed. This also means that the device might be exposed to security vulnerabilities.
Malwarelytics for Apple is able to detect that the app is running on a jailbroken device and can be configured to terminate the app in that case.
Configuration
let raspConfig = AppProtectionRaspConfig(
jailbreak: DetectionConfig
// configuration of other RASP features
)
Available values of DetectionConfig
:
Value | Description |
---|---|
.noAction |
indicates that jailbreak will not be automatically detected. A manual check is still possible. |
.notify |
indicates that jailbreak will be automatically detected and the delegates will be notified via the jailbreakDetected() method. |
.exit( exitUrl: String?) |
indicates that the jailbreak will be automatically detected and the app will be terminated when the jailbreak is automatically detected. |
Jailbreak detection defaults to .notify
.
List of available parameters for some config values:
Parameter | Description |
---|---|
exitUrl: String? |
defines the URL to be opened when the app is terminated because of the automatic detection. Defaults to nil . |
Usage
After service creation, the jailbreak detection feature can be accessed via AppProtectionRasp
. This can be used to add a delegate or to trigger a manual jailbreak detection check.
Observing Detection
Jailbreak detection can trigger a certain action. To achieve that, a delegate needs to be added.
Delegate configuration:
class RaspDelegate: AppProtectionRaspDelegate {
// other delegate code
func jailbreakDetected() {
// handle jailbreak detection
}
}
The delegate can be added in AppProtectionRasp
. When it is no longer needed, it can be removed again.
let raspDelegate = RaspDelegate()
appProtection.rasp.addDelegate(raspDelegate)
appProtection.rasp.removeDelegate(raspDelegate)
Triggering a Manual Check
Jailbreak detection check can be triggered manually in AppProtectionRasp
by getting the isJailbroken
property value. A simple Bool
answer is given.
let isJailbroken = appProtection.rasp.isJailbroken
More information on general RASP feature configuration and usage can be found in this overview.