Prevent installation of iOS app in jail broken devices - ios

I want to prevent installation of my iOS app in jail broken devices. Is there any checks that can be done during installation to identitfy if the device is jail broken ? Is there any way to stop the installation if the device is jail broken?

Generally, it break down to two questions:
1) Detection of a jailbreak device.
There are plenty of different methods. None of them is 100% guaranteed to work.
Look at this question:
How do I detect that an iOS app is running on a jailbroken phone?
2) Taking some actions on a jailbroken device
As #Paulw11 mentioned, you can't stop installation and you can't uninstall.
The common way is just exit from your application (don't provide any useful functionality to a user). However, if your application have very high value, this protection can be removed by somebody who will reverse engineer your application.
Generally speaking, there is no bulletproof protection, but you can make it good enough, so it won't be worthwhile breaking it.

Related

iOS/iPadOS - How can we access /dev/tty.iap (for in-house apps)?

I wrote an iPad app to control a proprietary "robot" (based on a 3d-printer). With respect to providing a GUI to the robot, the iPad (mini) is ideal in a way, since it avoids additional I/O devices like e.g. a mouse or a keyboard and obviously comes with a display.
The app currently interfaces with the robot via WiFi (utilising WebSockets). While this basically works, every once in a while, latency seems to be an issue. At the same time, the WiFi interface to the robot seems to be a bit of overkill, since the iPad is physically mounted to the frame of the robot with a physical distance to its motherboard of less than 3 feet. - Also, the robot can be beautifully controlled from a serial terminal over UART (e.g. from macOS). - Therefore, I would like replace the WiFi/WebSocket communication with a simple serial interface.
Unfortunately, though, "/dev/tty.iap" does not seem to be accessible on iOS/iPadOS unless you enroll in Apple's MFI program, which - in this case - also appears as overkill, since our app will only ever be used internally. redpark.com makes (expensive MFI certified serial) cables and a library, which I consider a last resort ...
Jailbreaking the iPad might also be way to go. - However, I have no experience with this and would really like to avoid bricking the iPad. On the other hand, I have no basic objections against jailbreaking my device, which is exclusively used to control the robot.
Can anyone recommend a safe (e.g. jailbreak) route towards accessing "/dev/tty.iap" for in-house apps ? Would "/dev/tty.iap" be immediately accessible on a jailbroken iPad ? - Would the iPad have to be jailbroken again, everytime it is re-booted ? What would be a suitable Jailbreak tool for my purposes (candidates are iPad mini 5 with iPadOS 15.1 or iPad mini 2 with iOS 12.5.5) ? Are there any alternative routes towards accessing "/dev/tty.iap" for in-house apps (avoiding jailbreaking or MFI) ?
Thanks!
EDIT1 one more thought: There are numerous unpublished APIs providing access to normally "hidden" iOS-features. - While employing such APIs would disqualify any app for the AppStore, in "my" case, publishing the app is not even considered. Hence, if somebody is aware of unpublished functions that provide the desired access to "/dev/tty.iap", respective hints would also be appreciated very much.

iOS Private API: lock device and power off the screen

I'm making an app for jailbreak that lock the device when the user launch the app. I've tried GSEventLockDevice(); from GraphicsServices.framework but this does not work properly because it locks the screen but does not power off the screen. Is there another way to lock the screen without MobileSubstrate?
Just as another alternative, check out this answer, which uses SBDimScreen(). You could use that in conjunction with GSEventLockDevice().
It appears that you may now (iOS 5+) need to add an entitlement to your app to use this call successfully. If you haven't done that before, here is an example of how to do so. Obviously, in this case, the entitlement in question must be changed to com.apple.backboard.client.
You also might see if #VictorRonin has experimented with this, as he commented on the question I linked to. I tested SBDimScreen() on a jailbroken iOS 4.2.1 device, but my newer devices are currently unavailable to run this test. I'll try it later on iOS 5.x and post an update.
Note: the answer I linked to from Elias has a different call altogether for iOS 6.
Look at these several questions:
Simulating System Wide Touch Events on iOS
Simulating System Wide Touch Events in iOS without jailbreaking the device
How to send a touch event to iPhone OS?
The idea is that you can simulate system wide events. One of events is power down event. If you simulate it, it will turn off device and will lock it.
BTW. You may be interested to google more on GSEvent which is the key for even simulation.
Here are couple of useful links:
http://iphonedevwiki.net/index.php/GSEvent
http://networkpx.blogspot.com/2009/08/gsevent-recording-and-playback-in-30.html
Also, this approach isn't limited to jailbroken phones. It works on jailed phone too (however, you won't be able to post it to AppStore).

Controlling iOS device

Is it possible from my app to run in background, turn on/off other apps, control the iOS device without jailbreaking it? I understand that this app will not pass Apple's review/approval, but I am not planning it, instead, I just need to distribute it to clearly defined list of devices. I just prefer not to require to jailbreak device.. Is it possible?
I believe its possible without actually jailbreaking the physical device. Check out the second answer to this question for some more information. iOS app without developer program or jailbreak

MDM to secure app on private device

My clients use my app in their private devices which are not under any MDM-control or under control of a foreign company. I want to make sure that my app can only be executed when some requirements are met like:
device is not jailbroken
device-password is set
At the end I want to make sure that no data is leaked, when the app is installed on private devices.
Is it necessary to install a client like mobile iron? If I can install a mdm-profile, this must only guarantee the required conditions for my app.
How do I archive this goal?
iOS MDM management will enable you to tell if a managed device has a passcode set; I don't think there is any other way (short of jail-breaking) to detect this.
Your own application can attempt to do jailbreak detection; Apple's MDM by itself cannot do jail-break detection.
Someone has already asked a similar question about detecting a jailbroken device: Determining if an iPhone is Jail broken Programatically. There are also some answers to a question about checking if a password is set but I don't think the code in the answers covers this for you. You might want to check it out though.
You need to be aware that fighting these device compromises is an ongoing battle. There may be a point where the code you have written is ineffective at determining a jailbroken device. This means that you cannot promise that your app will not run on jailbroken devices unless you are planning on tracking all of the techniques in the wild, and releasing new versions to keep up with the threat.

How to make my app work only on iPhone 3G and higher

Is there a way to limit devices, i.e. iPhone 3G and higher, and not to support the iPhone 2G and lower. I can't find an element that is different. I would limit it to iOS 3.1, however I'm pretty sure that iPhone 2G and lower can run iOS 3.1.
There is a similar question about 3GS+. But 3G+? That might be tough. I don't see anything in the UIRequiredDeviceCapabilities that specifies the 3G radio. You could try using another key based on a hardware feature that the 3G has that the iPhone doesn't, but then you risk getting your build rejected by Apple.
Using run-time checks to detect hardware as Sam Ritchie also suggests is also a bad idea since (1) that will most certainly trigger a rejection, and if it doesn't (2) people with older devices will be able to purchase the app, only to find out it won't run, and they will complain, which will cause Apple to pull your app from sale anyway.
The only way to do it without resorting to things that Apple disallows is to target iOS 4.0 or higher. 4.0 does not run on the 1st generation. I realize you want to target iOS 3.1, but you either allow all devices, or target 4.0.
One nice way to do this would be to check out the UIDevice-Extension project on github. It gives you the ability to detect what hardware you're running on.
I suspect that the way to solve this would be to examine your app and figure out what exactly you don't want a user of an earlier phone to be able to access. Once you've narrows down the feature, you can easily check for the existence of that specific feature on the device. To do this, include the UIDeviceRequiredCapabilities key in Info.plist, and take a look at Apple's Build Time Configuration guide for a list of all possible values. You'll find it under the "Declaring the Required Device Capabilities" heading. Good luck!
Add some minimal Location based functionality to your app (so that Apple can't reject it), and then add the "gps" key to your app's UIRequiredDeviceCapabilities.
But consider that the percentage of 2G's users who actually still buy apps appears to currently be microscopic, and not worth bothering over. Just state the lack of support for these devices in your description.
This answer seems to answer your question:
https://stackoverflow.com/a/4128248/285694
The solution is to require "armv7" in the required device capabilities xml.

Resources