Virtualization Technology News and Information
Guardsquare 2023 Predictions: Mobile App Sec Will Move Beyond Jailbreak and Root Detection in 2023


Industry executives and experts share their predictions for 2023.  Read them in this 15th annual series exclusive.

Mobile App Sec Will Move Beyond Jailbreak and Root Detection in 2023

By Ryan Lloyd, Chief Product Officer, Guardsquare

Jailbreaking (iOS) and rooting (Android) devices have long been strategies that tech-savvy end users have implemented to gain higher administrative privileges, allowing them greater control over their phone or tablet. With that control, they can customize nearly every aspect of the device's user interface (UI), sideload, or install apps that aren't approved by Google Play or the Apple App Store, add new features to older devices, test mobile apps for weaknesses, and more. Unfortunately, this also disables many of the built-in protections provided by the operating system (OS).

While both Apple and Google take a strong stance against this practice, it technically isn't illegal. However, its popularity with attackers has caused many mobile app developers to rely heavily on this threat indicator as a security precaution, programming their apps to limit the user or crash the app when a jailbroken or rooted state is detected.

For several reasons, developers are recognizing that jailbreaking and rooting are difficult to prevent, and centering your mobile app security strategy around them won't be sufficient moving forward.

Three Reasons Mobile App Security Will Move Away from Jailbreak and Root Detection

#1 Inconclusive indicator of intent to reverse engineer or tamper an app

While Android users can download many apps from sources other than Google Play, iOS restricts users to only those provided within the Apple App store. If an iPhone owner wants greater freedom in how they use their phone, they may choose to jailbreak the device. There are many reasons for jailbreaking and rooting devices that don't automatically imply malicious activity.

For example, someone may download a mobile gaming app from an unofficial, third-party app store, in order to avoid in-game ads, freely access paid features, and implement cheat codes. These games are not made or approved by the device's manufacturer and must be sought elsewhere, requiring that the device be jailbroken/rooted.

Unfortunately, users such as these often trigger a false indication of intent within jailbreak detection mechanisms. While they may have correctly flagged a potentially risky device, they lack the capability to differentiate between real threat actors and users who are simply seeking gaming advantages or to unlock paid features. Booting the latter from your mobile banking or mHealth app, for example, could be incredibly inconvenient and lead to a poor UX overall.

#2 Evasive techniques are constantly being developed

While some users jailbreak or root their mobile device without the intent to cause harm, there are many who do so for malicious purposes, such as pirating apps, music, and software or accessing a broader and more powerful array of hacking tools.

Historically, the wide net cast by a mobile app's jailbreak or root detection process could swiftly identify and block these threat actors. However, in recent years, more sophisticated jailbreak detection bypass tools have come into play, allowing them to conceal their jailbroken state or circumvent a mobile app's detection mechanisms.

Without additional protections, these malicious users can (and do) continue to function outside the usual OS functionality. From there, they can reverse engineer or clone your app and utilize other tools to gain access to sensitive data.

#3 Trollstore makes it easier than ever for users to install modded apps

With the launch of each new version of their operating systems, iOS and Android have done their best to make their devices more difficult to jailbreak or root, but new privilege escalation exploits continue to emerge.

One example is Trollstore, the new iOS tool that came onto the market in September of this year. Trollstore makes downloading cloned or modded mobile apps easier than ever without requiring that a user jailbreak their device. This enables them to bypass both repackaging prevention and jailbreak detection.

For these reasons, developers will need more sophisticated mechanisms beyond jailbreak detection mechanisms when establishing the security posture of their mobile app.

Mobile App Sec Will Shift in a New Direction in 2023

Moving into 2023, we'll see growing awareness in the mobile app development community about the true nature of jailbroken and rooted devices. With increasingly sophisticated jailbreaking and cloaking mechanisms, developers cannot assume that jailbreak detection can also determine malicious intent or that malicious intent requires a jailbroken device. Developers need to ensure their apps have more thorough and sophisticated protection mechanisms.

Developers will increasingly implement a multi-layered protection strategy, based on a three-pronged approach that includes:

  1. Integrating security testing earlier in the development lifecycle, ensuring vulnerabilities are mitigated and more difficult to compromise even if running on a compromised mobile device.
  2. Layering protection measures, such as code hardening and robust runtime application self-protection (RASP) with an appropriate set of protections for the threat model.
  3. Continuously monitoring the app after launch to identify threat actors and security gaps.

One thing is certain: developers can no longer rely on jailbreak/root detection as a holistic prevention mechanism. They need more robust, layered security measures or their mobile applications may fall prey to threat actors taking advantage of vulnerabilities.



Ryan Lloyd, Chief Product Officer, Guardsquare


Ryan leads the product team at Guardsquare. In his role, he is responsible for overseeing the product vision and strategy. As an experienced, strategic product management executive with a background in software engineering Ryan is focused on ongoing innovation, partnering with the world's leading enterprises and finding innovative ways to shine a light on the challenges and opportunities in mobile application security. Prior to joining Guardsquare, Ryan led product management teams at Veracode, SmartBear, PTC and MKS.

Published Tuesday, November 08, 2022 7:34 AM by David Marshall
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2022>