What is Jailbreak Detection and why is it critical for your organization?

23 Feb 2016



David Graham, Principal Consultant, Certero

Originally posted in February 2016, revised in December 2019.

It is estimated that 9% of all iPhones are Jailbroken, with similar numbers for Rooted Android devices, but few organizations have Jailbreak Detection to protect IT infrastructure.


So, what is a Jailbroken or Rooted device?

‘Jailbreaking’ refers to iOS devices and ‘Rooting’ to Android devices. In short, Jailbreaking and Rooting both involve running a privilege escalation on the device. In layman’s terms, this is an app that turns the user into an administrator with full access and control.

With the ability to download and run almost any app you want, why would someone want to do this to their device? The most common motivation for Jailbreaking or Rooting a device is OS and application modification and sideloading. This means the user can install applications from sources other than the vendor’s official store – some of which may be malicious or illegal (e.g. accessing online streaming services without a subscription).

The problem is particularly prevalent on iOS devices due to Apple’s strict App Store regulations. When a device is Jailbroken, the root privileges of Apple’s factory-installed iOS are replaced with a custom kernel, which imposes fewer restrictions on the user and allows sideloading. Android does allow users to install applications from non-store sources; however, Rooting an Android device can lift other restrictions that carriers and manufacturers impose.


What is the risk to your organization?

The sale of mobile devices is increasing year-on-year, with laptops and PCs in relative decline. Why is this significant? It means malicious agents, who previously targeted laptops and PCs, are refocusing on mobile devices because this presents the greatest opportunity for them to successfully carry out their objectives. As a result, cyber-attacks on mobile devices are on the rise, with the frequency and severity increasing.

75% of popular free apps for iOS have been hacked at some point, exposing the user’s data to malicious operators. Similarly, 87% of the top 100 paid apps for iOS have also been hacked at some point. However, 98% of all malware attacks on mobile devices target the Android OS.

Users who have Jailbroken or Rooted devices are exposing themselves to potentially harmful malware from a wide range of untrusted or unverified publishers. Not only does this risk catastrophic security breaches for the user and their data, it also enables malicious agents to attack the networks these devices connect to – such as your organization.

As your organization is likely to have allocated mobile devices to your employees, or allowed employees to connect to your network, your data and systems may be at risk. For example, Jailbroken iOS devices often install a secure shell server that remote attackers can exploit, which is difficult to detect and secure. Jailbroken and Rooted devices are also prone to brute force attacks on passcodes, and applications that have not been reviewed can gain privileged access to destabilize your operating environment.

In addition, Jailbreaking a device can void the manufacturer’s warranty, which can lead to unexpected costs if your mobile devices become damaged or broken. Carriers may also stop providing services to a user who has a Jailbroken device, as it violates their terms of service. This is because a Jailbroken device could allow a user to run a free Wi-Fi hotspot or use a tethering app to share 3G/4G service without added monthly fees. This could leave you paying for mobile phone services you cannot access, or worse.


How do you detect Jailbroken and Rooted devices?

Clearly, Jailbreaking or Rooting a device can be very harmful to your organization. So what steps can you take to ensure you remain protected?

To fully protect your infrastructure, you need to be able to:

  • Gather a comprehensive inventory of your devices
  • Centralize customization and configuration
  • Detect, disable or wipe Jailbroken and Rooted devices
  • Enforce strong corporate password policies
  • Apply encryption
  • Manage BYOD (Bring Your Own Device) devices

The only way to achieve this with full peace of mind, knowing your network is safe, is with an automated Mobile Device Management (MDM) solution – like Certero for Mobile.

In addition to a comprehensive and accurate inventory, Certero for Mobile’s powerful security features give you Rooted device and Jailbreak Detection functionality as standard, helping you quickly identify devices in your network that are exposed to potentially serious security risks.

If you want to be even more proactive, Certero for Mobile’s alerting features help you make quick decisions on whether to remove individuals from the corporate network or block/wipe their Rooted/Jailbroken devices. Coupled with automated policies, you can routinely scan all your mobile devices to detect those that may be Jailbroken or Rooted and act as appropriate – including BYOD.

If you want to discover more about how Certero can help you manage your mobile devices, request a call back or chat with an expert below.
