On Apple devices running iOS and iOS-based operating systems, jailbreaking is the use of a privilege escalation exploit to remove software restrictions imposed by the manufacturer. Typically it is done through a series of kernel patches. A jailbroken device permits root access within the operating system and provides the right to install software not available through the App Store. Different devices and versions are exploited with a variety of tools. Apple views jailbreaking as a violation of the end-user license agreement and strongly cautions device owners not to try to achieve root access through the exploitation of vulnerabilities.

While sometimes compared to rooting an Android device, jailbreaking bypasses several types of Apple prohibitions for the end user. Since it includes modifying the operating system (enforced by a "locked bootloader"), installing non-officially approved applications (those not available on the App Store) via sideloading, and granting the user elevated administration-level privileges (rooting), the concepts of iOS jailbreaking are technically different from Android device rooting.

One of the reasons for jailbreaking is to expand the feature set limited by Apple and its App Store. Apple checks apps for compliance with its iOS Developer Program License Agreement before accepting them for distribution in the App Store. However, its reasons for banning apps are not limited to safety and security and may be regarded as arbitrary and capricious. Apple's censorship of content and features.
Many Chinese iOS device owners also jailbreak their phones to install third-party Chinese character input systems because they are easier to use than Apple's. In some cases, jailbreak features are adopted by Apple and used as inspiration for features that are incorporated into iOS and iPadOS. Jailbreaking also opens the possibility of using software to unofficially unlock carrier-locked iPhones so they can be used with other carriers. Phone model and baseband version (or multiple models and versions). This includes the iPhone 4S, iPhone 4, iPhone 3GS, and iPhone 3G models. An example of unlocking an iPhone through a jailbreak utility is redsn0w. Through this software, iPhone users can create a custom IPSW and unlock their device. Moreover, during the unlocking process, there are options to install Cydia and the iPad baseband.

Computer criminals may jailbreak an iPhone to install malware, or target jailbroken iPhones on which malware can be installed more easily. The Italian cybersecurity company Hacking Team, which sells hacking software to law enforcement agencies, advised police to jailbreak iPhones to allow tracking software to be installed on them.

On iOS devices, the installation of consumer software is generally restricted to installation through the App Store. Jailbreaking, therefore, allows the installation of pirated applications. It has been suggested that a major motivation for Apple to prevent jailbreaking is to protect the income of its App Store, including third-party developers, and to allow the buildup of a sustainable market for third-party software.
However, the installation of pirated applications is also possible without jailbreaking, by taking advantage of enterprise certificates to facilitate the distribution of modified or pirated releases of popular applications.

A package manager or package-management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs. For jailbreaks, this is essential for the installation of third-party content.

Upon jailbreaking the device, much of the built-in security is lost because of the many kernel patches that go into building the tool. Security structures like Apple Mobile File Integrity, the Sandbox, the read-only root file system, and trusted apps get disabled or otherwise tampered with to achieve the goals of the jailbreaking tool. This, in turn, creates potential security issues for the jailbreak user. Jailbreak users are also often forced to stay on an inferior iOS version that is no longer supported by Apple, because newer versions usually cannot be jailbroken right away. This has the potential to introduce security issues, because for these older versions there are known security vulnerabilities, exploits, and exploit proofs of concept published. SecureOS, which could alert users to security issues found on their devices. The application works akin to antivirus software, in that it scans the files on the user's device and checks them against a database of known malware or unsafe repos. In June 2021, ESET Research confirmed that malware did exist on one of the piracy repositories in the jailbreak community.
Jailbreaking of iOS devices has sometimes been compared to "rooting" of Android devices. Although both concepts involve privilege escalation, they differ in scope. Where Android rooting and jailbreaking are similar is that both are used to grant the owner of the device superuser system-level privileges, which may be transferred to one or more apps. However, unlike iOS phones and tablets, nearly all Android devices already offer an option to allow the user to sideload third-party apps onto the device without having to install from an official source such as the Google Play store. Many Android devices also provide owners the capability to modify or even replace the full operating system after unlocking the bootloader. In contrast, iOS devices are engineered with restrictions including a "locked bootloader" which cannot be unlocked by the owner to modify the operating system without violating Apple's end-user license agreement. On iOS, until 2015, while corporations could install private applications onto corporate phones, sideloading unsanctioned third-party apps onto iOS devices from sources other than the App Store was prohibited for most individual users without a purchased developer membership. After 2015, the ability to install third-party apps became free for all users; however, doing so requires a basic understanding of Xcode and compiling iOS apps. Jailbreaking an iOS device to defeat all these security restrictions presents a significant technical challenge. Similar to Android, alternative iOS app stores utilizing enterprise certificates are available, offering modified or pirated releases of popular applications and video games, some of which were either previously released through Cydia or are unavailable on the App Store because they do not comply with Apple developer guidelines.
Many different types of jailbreaks have come out over the years, differing in how and when the exploit is applied. When a jailbroken device is booting, it loads Apple's own kernel initially. The device is then exploited and the kernel is patched every time it is turned on. An untethered jailbreak is a jailbreak that does not require any assistance when the device reboots. The kernel will be patched without the help of a computer or an application. These jailbreaks are uncommon and take a significant amount of reverse engineering to create. For this reason, untethered jailbreaks have become much less popular, and Fugu14 is currently the only jailbreak that supports recent iOS versions. A tethered jailbreak is the opposite of an untethered jailbreak, in the sense that a computer is required to boot. Without a computer running the jailbreaking software, the iOS device will not be able to boot at all. While using a tethered jailbreak, the user will still be able to restart or kill the device's SpringBoard process without needing to reboot. Many early jailbreaks were offered initially as tethered jailbreaks. A semi-tethered jailbreak allows a user to reboot their phone normally, but upon doing so, the jailbreak and any modified code will be effectively disabled, as the device will have an unpatched kernel. Any functionality independent of the jailbreak will still run as normal, such as making a phone call, texting, or using App Store applications. To be able to have a patched kernel and run modified code again, the device must be booted using a computer. A semi-untethered jailbreak is like a semi-tethered jailbreak in that when the device reboots, it no longer has a patched kernel, but the key difference is that the kernel can be patched without using a computer.
The kernel is usually patched using an application installed on the device without patches. This type of jailbreak has become increasingly popular, with most recent jailbreaks classified as semi-untethered.

The iPhone Dev Team, which is not affiliated with Apple, has released a series of free desktop-based jailbreaking tools. Cydia as the primary third-party installer for jailbroken software. PwnageTool continues to be updated for untethered jailbreaks of newer iOS versions. In November 2008 the iPhone Dev Team released QuickPwn to jailbreak iPhone OS 2.2 on the iPhone and iPod Touch, with options to enable past functionality that Apple had disabled on certain devices. After Apple released iPhone OS 3.0 in June 2009, the Dev Team published redsn0w as a simple jailbreaking tool for Mac and Windows, and also updated PwnageTool, primarily intended for expert users making custom firmware, and only for Mac. It continues to maintain redsn0w for jailbreaking most versions of iOS 4 and iOS 5 on most devices. George Hotz developed the first iPhone unlock.
1n for iPhone OS version 3.1.2 on the 3rd generation iPod Touch and other devices. In October 2010, George Hotz released limera1n, a low-level boot ROM exploit that permanently works to jailbreak the iPhone 4 and is used as a part of tools including redsn0w. It used a flaw in PDF file rendering in mobile Safari. OS 4.2.6 on CDMA (Verizon) iPhones. As of December 2011, redsn0w included the "Corona" untether by pod2g for iOS 5.0.1 on the iPhone 3GS, iPhone 4, iPad (1st generation), and iPod Touch (3rd and 4th generation). In May 2012 it released Absinthe 2.0, which can jailbreak iOS 5.1.1 untethered on all iPhone, iPad, and iPod Touch models that support iOS 5.1.1, including jailbreaking the third-generation iPad for the first time. The hackers known together as the evad3rs released an iOS 6.x jailbreak tool called "evasi0n", available for Linux, OS X, and Windows, on Monday, February 4, 2013, at noon Eastern Standard Time. Due to the high volume of interest in downloading the jailbreak utility, the site initially gave waiting users download errors. When Apple upgraded its software to iOS 6.1.3, it permanently patched out the evasi0n jailbreak. In April 2013, the latest version of Sn0wbreeze was released, which added support for tethered jailbreaking on A4 devices. On December 22, 2013, the evad3rs released a new version of evasi0n that supports jailbreaking iOS 7.0.x, known as evasi0n7.
On December 30, 2013, winocm, ih8sn0w and SquiffyPwn released p0sixspwn for untethering devices on iOS 6.1.3 through 6.1.5. Initially, it was necessary to jailbreak tethered using redsn0w and install p0sixpwn from Cydia. A few days later, on January 4, 2014, the same team released a version of p0sixpwn for jailbreaking using a computer. On October 22, 2014, Pangu Team released Pangu8 to jailbreak all devices running iOS 8 through 8.1. The first versions did not bundle Cydia, nor was there an iOS 8 compatible version of Cydia at the time. On 10 September 2015, 6 days before iOS 9 was released, iH8sn0w had demonstrated a working exploit on his Twitter page, linking to a YouTube video. On October 14, 2015, Pangu Team released Pangu9, their jailbreak tool for iOS 9.0 through 9.0.2. On March 11, 2016, Pangu Team updated their tool to support iOS 9.1 for 64-bit devices. On July 17, 2016, Pangu Team released Pangu93, a semi-untethered jailbreak tool for iOS 9.2 through 9.3.3. It was the first semi-untethered jailbreak, and at the same time the first delivered within a sideloaded app; it included support only for 64-bit devices. In mid-March 2017, jk9357 (aka @REALKJCMEMBER), part of the KJC (Kim Jong Cracks) hacking team, released the first semi-untethered jailbreak for 32-bit devices on iOS 9.1 through 9.3.4, known as Home Depot.