Recently faced a issue securing iOS Application with Jailbreak detection on OS 12.1 with Liberty Lite enabled
I have jailbreak detection in AppDelegate and initial ViewController where I test following
File existence for below paths
/Applications/Cydia.app
/private/var/stash
/private/var/stash
/private/var/tmr/stash
/private/var/lib/cydiar/stash
/private/var/mobile/Library/SBr/stash
/Library/MobileSubstratr/stash
/Library/MobileSubstrate/DynamicLibrr/stash
/Library/MobileSubstrate/DynamicLibrarr/stash
/System/Library/LaunchDaemonr/stash
/System/Library/LaunchDaemons/com.sar/stash
/var/car/stash
/var/lir/stash
/var/lir/stash
/var/lor/stash
/var/tmr/stash
/bin/bashr/stash
/bin/shr/stash
/usr/sr/stash
/usr/liber/stash
/usr/bir/stash
/usr/libexer/stash
/etc/ssr/stash
/etr/stash
I test if application canOpenURL Schema "cydia://package/com.example.package"
Write file to stringToWrite.write(toFile:"/private/photos.txt"
Liberty Lite is able to bypass all 3 checks and let run the application on a Jailbroken device, is there any other way I can detect such by passing tweaks(Liberty Lite) and stop the application from running on a Jailbroken device
Essentially, no.
Any form of jailbreak check can be relatively easily worked around and a motivated user can always make another tweak for whatever check you might be using at the time. Consider it similar to attempts to prevent cracks for different software, it's just a game of whack-a-mole where the developing side is losing.
I wrote an article about this some time ago if you're interested into details of why this can't work.
Checkout this library here. Liberty detection is managed to be detected with the method isInjectedWithDynamicLibrary().
I have personally tested, and it works with my app on iOS 12.1.2 (iPhone 7).
Related
I have done my development for iOS application, want to figure out the performance of my application at mobile end.
Is there a tool that I can measure the performance of app for front end along with services APIs.
Xcode comes with Instruments.app. You can profile all kinds of things in there, both on the simulator and on a real device. Find it in Xcode under Product > Profile.
Check Instruments.app.
If you want to measure response time i think is not revelant because its depends of connectivity, but you can checkout firebase tools i actually using https://firebase.google.com/docs/perf-mon/
I suggest to put some timers in some portions of your code like this:
How to benchmark Swift code execution?
Pretty much what the title says.
I would like to install a 3rd party app on my iOS 11 device, but the only way to do so is by self-signing the .ipa and installing it via Cydia Impactor.
What are the possible security concerns in doing so?
How much control and access would said app have over my device once trusted?
There's no way of saying for certain.
Private APIs
iOS 11 fixed a number of vulnerabilities that allowed access to personal info such as SMS messages without user knowing. There might be other vulnerabilities but it looks like iOS 11 is pretty good in regards to private API access. Pretty much every known personal info leak was fixed.
The problem here is you can't do anything about it. Only way is to disassemble the application and see for yourself.
Permissions
Of course, there're many ways third-party app can steal your personal info if you give it the access. For example, contacts, calendar, call history (without phone number but still), microphone, photo library - once given permission to access, can be accessed at any point even when running in the background without you knowing it. Application can run in the background indefinitely, it's still not fixed by Apple.
Accessing location will always display an icon in the status bar so that's fine. But there're ways you can fool iOS to access location once and not display the icon. It's not reliable but it works.
If application is running in the foreground then it can access camera, microphone, location and iOS will not tell you anything about it. Recently there was an article about camera specifically. You can't tell when it's recording and that's a real problem.
Solution here is simple - don't give the permission.
Jailbreak
Jailbreaking relies on a number of vulnerabilities to modify kernel to disable security measures. No one is stopping you from using these exploits to be executed from a third-party app not meant for jailbreaking. In fact, all recent jailbreaks are done by installing an application using Cydia Impactor. And there's an actual example of that - Filza. It's a file manager that can access root file system. It does that by executing exploits used in jailbreak.
Solution here is to make sure your iOS is up to date and has no jailbreak for it. Of course there's a possibility of unknown exploits. Serious vulnerabilities found regularly in iOS. You can disassemble the application to see what it's actually doing but I don't think you would asking this question if you knew how do that.
I'm trying to log users individual app usage on iOS9.
I'd rather prefer that it wouldn't use jailbreak limited solutions, self explanatory. Doing the variation of this app on a jailbroken phone shouldn't be hard.
This will certainly not be released on the App Store as Apple wouldn't allow it.
I'm looking for any private API that can do this, any hidden iOS API's that can be used to do this. ANYTHING.
What I've already looked through:
how to determine which apps are background and which app is foreground on iOS by application id
How to know about app launched and details jailbreak iOS 7
Is there a private API to be able to detect what is current foreground app on iOS?
How to monitoring App running in the foreground in iOS8?use the PrivateFrameworks SpringBoardServices
which proved to be relatively helpful - we now can assume that there is some sort of additional access requirement, probably an entitlement, but we don't really know how it should look like
Can you find individual app usage duration using SpringBoard services framework or other private framework?
Find out active application or if on Springboard
Programmatically detect which iOS application is visible to user
However all of these proved to be unhelpful because Apple fixed this security flaw with iOS8 and the method to copy/access the currently front most app bundle identifier no longer works.
Question is: Is there someone who knows a workaround using different tools/exploits that do not require jailbreak?
Ideas:
inspecting the processes running on the device and devising an algorithm that would be able to recognize spikes that mean an app has been launched, which potentially could work, but it probably would be a major pain in the ass. Questions mentioning this solution:
Detect which app is currently running on iOS using sysctl,
Return a list of running background apps/processes in iOS
How to get Names of Background Running Apps
Find Background running apps in iphone
inspecting the phones traffic somehow?
not sure if there is some kernel stuff that I could do
Here is my Reddit version of this question if anyone wants to check it out. Also if it's of any value, here are the runtime headers for iOS9 and list of Apple's private API's.
Unfortunately, I was looking for a similar solution and have come to the conclusion that, at least at this point in time, there are no known methods that will allow you to determine app usage on iOS. Even the MDM providers such as Good, Airwatch, MobileIron, etc. don't seem to be able to do this. If anyone is able to come up with a solution, I'd love to see it.
For now, however, I think we would have seen a solution if someone had one that worked on the latest iOS.
sysctl is still open but they block certain combinations of selectors. I did this on iOS 7 and gave Apple Product Security the code. They won't patch iOS 7 but rely on App Review. iPhone 4 is wide open.
I'm currently trying to create a little app that should run in background. It should start with the system or springboard and run until the device shut's down. I searched for tutorials out there but doesn't found anything really useful. It would be great if someone would help me out.
Best regards
EDIT: I'm sure that it isn't possible in an app designed for the appstore, but i'm looking for a variant that work's on jailbroken devices.
ColinE's answer is wrong. SuperDev's is correct. You certainly can create services on iOS, just as on OS X.
As another reference, the best tutorial I've found on the subject is Chris Alvares' blog post on creating an iOS Launch Daemon. (Launch Daemon is the proper iOS terminology for what you're describing)
You may find additional useful information within the Apple Docs for Launch Daemons, or searching for OS X information, instead of just for iOS, where it requires jailbreaking (and therefore is less widely used).
Cydia has lots of apps that are launch daemons, or contain launch daemons (possibly in addition to a UI application).
Have you read about launch daemons? You could use one of those. An example is untrackerd by rpetrich, an awesome cydia developer.
This is not possible, you cannot create 'service' type apps:
iOS: Keep an app running like a service
This is by design. Apple limits the the capabilities of your apps in order to ensure a good user experience. If everyone could create background services, it would soon slow down the user's phones - like a Windows PC!
Have you tried reading about Mobile Substrate? It let's you build extensions for the springboard. That way you could run the app in the background.
My wife has a iPad and I was wondering if I could use it to develop iPad applications? I am assuming the answer is no.
Apple's development guidelines ban apps of this type from the store, so no you unfortunately cannot use the iPad to make iPad software (You can test the programs you write on your Mac on the iPad though). You need a Mac and the XCode IDE to actually create iPad / iPhone applications. You can learn more about this at http://developer.apple.com/
EDIT:
While it isn't possible to directly write code that runs on the iPad, you certainly can write code on the device itself. There is an app available in the app store called CodeToGo that lets you author programs in quite a few different languages. When you want to run your program, the code is actually uploaded to a server, executed there, and the results of that run are returned to you. This, or a similar program, is the closest you will currently get to writing code on the iPad (or iPhone).
Here is an article that talks about / reviews code editing programs for iOS.
Take a look at Codify. Not the whole 'write anything, run anywhere' experience, but a step in that direction.
Yes, it can. If you are a Lua developer, I recommend Codea (formerly known as Codify). For Python developers, I recommend Pythonista. Both apps allow you to write and test code in-app, and they even include support for graphics such as games. There is a GitHub project that actually lets you compile Codea projects into full-blown AppStore apps, the Codea Runtime. The app Touchline is one such application.
Unfortunately, there is not currently an official way to compile Pythonista apps and sell them on the AppStore. The developer has, however, made a utility that allows you to install webclip based icons on the homescreen that will run a Pythonista script. Also, there are plans to incorporate an export to Xcode mechanism in a future update of the app.
Check this out: http://www.slideshare.net/carlbrown/developing-ios-apps-on-your-ipad-with-xcab
I haven't tried it myself, but apparently he's created a way to code on the iPad, upload the code, download the compiled project, install it, and run it, all from the iPad. He says you cant do gui stuff, but at least you can do the logic on the run.
If you make for instance ruby on rails applications and let them have a mobile theme they can run in the safari browser of the ipad. The benefit of this is that you don't need Apple to review your code. The cons are that you can't use the appstore to sell and distribute your app.
But it can look and feel like a native ipad app.
I'm exploring this business model right now and would like to hear if others have done this.
Your app will run on an external server like Heroku, be archived on github.
Try CppCode - C/C++ IDE & Compiler that works on iPad/iPhone. http://cppcode.info