Apple has quietly removed or disabled an API meant to allow security software to detect jailbroken devices from afar, only months after adding it to iOS. NetworkWorld reports that the API, introduced in iOS 4.0, was part of a bundle of mobile device management APIs, but is not functional under iOS 4.2. In simple terms, the API allowed security software to remotely query the OS to see if it had been compromised, but according to one security engineer, the API was simply one piece of a larger set of checks used to determine jailbreak status.
“We used it when it was available, but as an adjunct,” said Joe Owen, vice president of engineering at Sybase, which offers Afaria device management software. “I’m not sure what motivated their removing that…. I’ve not had anyone [at enterprise customer sites] talk to me about this API being present or being removed.”
Owen added that the API itself might not have been 100 percent reliable, as certain jailbreak routines could have compromised its functionality. “It’s an interesting concept – asking the OS to tell you if it has been compromised,” he added. “Because a smart attacker might first change that very part of the OS. Jailbreaks often get better and better at disguising the fact that anything has been compromised.”
Enterprises used the API, and still employ other jailbreak detection techniques, to block jailbroken devices from accessing potentially sensitive corporate data. Apple has yet to acknowledge the change in API status or give any reason for its apparent removal.