Kevin Townsend asked me for my opinion on iGadget jailbreaking, in the light of the recent release of Absinthe, a jailbreaking tool for the iPhone 4s and iPad 2. As a result, I’m quoted in a useful article for Infosecurity magazine here that also includes quotes from luminaries such as David Emm and Luis Corrons. However, I thought I’d take the opportunity to expand on my thoughts here.
I understand why many security people (Luis for one, on the strength of the comments quoted here, and Paul Ducklin for another) have sympathy for the jailbreaking movement, but if you want to go that route, you need to know the implications and possible difficulties. More or less by definition, jailbreaking is a modification to the OS that might destabilize it in unexpected ways. And because as far as Apple is concerned, the owner has breached contract (rightly enough), the company is under no obligation to help you out in such a case, so there’s a (probably small) risk of an unintentional and unforeseeable integrity breach with no likely recourse from the source of the code. Thinking longer term, it’s not entirely rational to assume that all sources of jailbreaking tools are and always will be competent or even benevolent. And of course there’s no absolute certainty that any app, security or otherwise, will work as expected on a modified device.
That’s the hypothetical view. Less hypothetically, there aren’t any security apps for iGadgets that are really analogous to desktop AV. Apple is unlikely at this time to approve an app with the level of system kernel access that is necessary for the level of protection offered by commercial desktop AV with on-access scanning and anti-rootkit bells and whistles. In principle, not a big deal since Apple isn’t likely to approve the kind of frankly malicious app that would necessitate that level of protection, though there’s obviously the possibility that something malicious could slip through in the way that Charlie Miller’s
recent PoC did.
On a jailbroken iGadget, however, all (or at least some) bets are off: the nearest thing to viruses that have been seen to date on iOS have only worked on jailbroken machines. While I suppose you could design some kind of anti-virus app that actually took advantage of jailbreaking in order to improve security, it would pose all sorts of ethical and practical problems. Even if a company was willing to go that route (and AV companies are notoriously ethically straightlaced) I suspect that Apple would withdraw all cooperation across the board from them. A jailbroken device isn’t precisely analogous to an unrooted Android: while most Android AV is pretty patchy in performance, you can get AV that could be described as meeting a commercial standard.
As it is, while there are approved security apps that take a different approach to classic AV, the main defense for an iGadget is still Apple’s code inspection for approved apps. However, just after the article came out, Graham Cluley
noted an instance of a fake app that slipped through Apple’s approval process. Not the first, though it’s by no means a common occurrence. So I think it’s fair to say that while from a security point of view, conforming with Apple’s requirements is the safer route, there is no such thing as 100% safety, even in the App Store.
