Determining if an iPhone is Jail broken Programmatically Determining if an iPhone is Jail broken Programmatically ios ios

Determining if an iPhone is Jail broken Programmatically


iphone objective-c ios cocoa-touch jailbreak

Here is one of the ways to detect if your app was cracked.

In short: the cracking usually requires changing the Info.plist. Since it's regular file you have access to, it's pretty easy to determine such changes.

iphone objective-c ios cocoa-touch jailbreak

Detecting a jailbroken phone is as easy as checking for the presence of /private/var/lib/apt/ folder. Although this doesn't detect Installer-only users, by now most have have installed Cydia, Icy or RockYourPhone (all of which use apt)

To detect pirated users, the easiest way is to check for the presence of a SignerIdentity key in your app's Info.plist. Since advanced crackers can easily find the standard [[[NSBundle mainBundle] infoDictionary] objectForKey: @"SignerIdentity"] checks, it is best to obscure these calls using the Objective C runtime available via #import <objc/runtime.h> or use alternative equivalents.

iphone objective-c ios cocoa-touch jailbreak

Just to expand on zakovyrya's reply, you could use the following code:

if ([[[NSBundle mainBundle] infoDictionary] objectForKey: @"SignerIdentity"] != nil) {  // Jailbroken}

HOWEVER, the person jailbreaking your app can hexedit your program and as such, they could edit the string @"SignerIdentity" to read @"siNGeridentity" or something else which would return nil, and thus pass.

So if you use this (or any of the other suggestions from http://thwart-ipa-cracks.blogspot.com/2008/11/detection.html):

  • Don't expect it to work forever
  • Don't use this information to break/hinder your app in any way (otherwise they'll have cause to hexedit it, so your app won't know it is jailbroken)
  • Probably wise to obfuscate this bit of the code. For example, you could put the base64 encoded reversed string in your code, and then decode it in the app by reversing the process.
  • Validate your validation later in your code (e.g. when I said SignerIdentity, did it actually say SignerIdentity or siNGeridentity?)
  • Don't tell people on a public website like stackoverflow how you do it
  • Keep in mind it is only a guide and is not fool-proof (nor cracker-proof!) - with great power comes great responsibility.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last