iOS Jailbreaking — A Perhaps-Biased Assessment
WHY do some people jailbreak their iOS devices, and why does Apple try to prevent them from doing so? Are the jailbreakers winning this fight, or is Apple? This article attempts to answer these questions.
First, a caveat: I am not an expert on jailbreaking. Also, I’m one of the most raging Apple fans you’ll ever meet. So is it really possible that this article could offer a reasoned view of this topic? Well, maybe. In the early ’80s, I killed a lot of time cracking copy-protection schemes on the Apple II, so I’ve been on the other side of this fence, and I know a fair amount about how computers (and protection schemes) work at a low level. Also, the subject of jailbreaking is highly politicized, so you may not find anyone willing to give you the straight dope about it. For example, in the purportedly encyclopedic reference site Wikipedia, the article on iOS jailbreaking currently has no more than this to say about why Apple would want to stop the practice:
Apple checks apps for compliance with its iOS Developer Program License Agreement before accepting them for distribution in the App Store. However, their reasons for banning apps are not limited to safety and security and may be regarded as arbitrary and capricious.
The entry (currently) does not mention piracy: not as a reason why Apple might want to block jailbreaking, nor as a reason why anyone would want to jailbreak their device. No mention of piracy at all, in the entire article!
So, to get a clear picture of this subject, you may have no choice but to rely on multiple sources — some pro-jailbreaking, and others con. Consider this the con position — but hopefully informative nonetheless.
Before iOS
In the quarter-century prior to the iPod, home computing systems came in roughly two categories: wild-west, anything-goes, tinkerer computers, and locked-down game consoles.
The game consoles ran only cartridges developed by pre-approved development companies. Piracy, while not necessarily impossible for serious commercial pirates who manufacture counterfeit merchandise, was completely impossible for casual users — i.e. the typical home user couldn’t conceivably copy game cartridges for their friends and family members. (They could, however, sell, trade, or give away cartridges they had grown bored with.)
The wild-west computers (i.e. all home/personal computing platforms prior to iOS) allowed rampant copying/running of any program at all. Software authors/publishers tried valiantly to create their own copy-protection schemes, but in vain, because all it took was one dedicated cracker to strip the copy-protection off of an app, and then any casual user could copy that app to blank media, unhindered. Even without the internet, pirated apps and games spread like wildfire from person-to-person. (Also, without the internet, it was pretty hard for people to purchase those apps legitimately; most of them couldn’t be found at the local computer store.)
In terms of encouraging a high quality and quantity of app development, each of these two systems had its own advantages and disadvantages: Game consoles were immune to casual piracy (and low-quality junk, and malware), but were only for games, and allowed little or no access to skilled indie development. Personal computers tapped into a huge base of developers, but left those developers vulnerable to casual piracy, and left the user vulnerable to malware and scams.
A widely touted truism is that casual piracy doesn’t really hurt software developers: if the typical casual pirate has a thousand pirated apps, but could only conceivably have been expected to purchase ten of them had piracy not been an option, then 99% of that piracy didn’t hurt anybody. The problem is that if the user doesn’t buy those ten apps, and those ten, added to the purchases that other casual pirates likewise skip, make up 90% or more of the potential purchases, then developer income may be only a small fraction of what it would be if piracy were impossible. Yes, you can’t count every pirated copy as a lost sale, but the great majority of sales may be lost nonetheless.
iOS
With its i-devices — starting with the iPod in 2001, which could play songs but not copy them to other iPods nor to personal computers, and leading to ultimate fruition with the App Store in early July of 2008 — Apple created a bold experiment: What would happen if we could combine the advantages of both systems in one? What if we could have an app platform that’s effectively locked-down against casual piracy (and even against the loaning, trading, and giving-away of used apps), against buggy, very-low-quality crap, and against scams and malware — but still keep the system highly accessible to the broad base of indie developers? What happens then?
Well, now we know! What happens is an explosion of quality app development, the like of which has never been seen on this earth. And while it’s true that the great majority of iOS app developers make little-or-no money (don’t I know), that’s simply due to intense competition. The high number of successful developers, and the degree of their success, is unprecedented.
Jailbreakers
Jailbreakers are persons who believe that iOS should be like all the personal computing platforms that came before it: anything goes; I can do whatever I please. As signified by the name they have chosen for their activity, “jailbreaking” (Apple refers to it simply as “hacking”), they think of Apple’s control of iOS as a “jail,” and so to figure out a way to disable Apple’s controls, and seize ultimate control of the device is equivalent to “breaking” out of Apple’s “jail.”
Jailbreakers never cite the desire for casual piracy as a reason to jailbreak their device. If it actually was, would they say so openly, given that piracy is illegal, and given that a public campaign to pressure Apple into giving up on a locked-down system will win more support if the public doesn’t think the crusade’s point is piracy?
We can’t read their minds, but we can learn a lot from their choice of terminology. If I said that physical locks on physical doors, and security cameras in stores, are a “jail” that should be forcibly “broken” — not so that I, or anyone else, can do illegal things, but just to facilitate good uses of such ultimate freedom — would anyone believe me? And even if they thought I was sincere, would they follow my advice? And if they did, what would be the result?
If all that these jailbreak people really want is the freedom to tinker with the inner workings of their own phones, then why don’t they just buy Android phones? Even if Android ultimately doesn’t win the market battle for the great majority of apps (or even users) — so what? Android phones will still exist if even a few percent of phone owners prefer them. If these people really consider iOS a jail, then it’s a jail they can easily walk right out of: to Android, or to some other mobile OS. Why the desire to prevent such a controlled ecosystem as Apple’s from existing at all — other than to facilitate mass, casual piracy? Because mass, casual piracy can be effectively facilitated only on the system for which the great bulk of quality apps are written. That would be iOS.
It’s super obvious why Apple wants to block jailbreaking. They’ve got the best thing going in app ecosystems, ever, and they don’t want it to be ruined. Duh.
So who’s winning the war?
Code Signing
Apple blocks jailbreaking with code signing, which is built on public-key digital signatures. Here’s a quick description of how that general scheme works:
- Generate a key pair: a private key that you share with no one, and a corresponding public key.
- The public key is derived from the private key (or generated together with it, depending on the algorithm). You may share the public key with anyone; working backwards from it to the private key is computationally infeasible.
- To digitally “sign” a document, you run a cryptographic hash of the document and your private key through the signing algorithm, which produces a signature. You distribute that signature alongside the document to prove that you signed exactly that content.
- Anyone holding your public key can run the document, the signature, and the public key through the verification algorithm, which reliably reports whether the signature was produced with your private key over this exact document. Change a single bit of the document or of the signature and verification fails; and the private key is never exposed in the process.
iOS uses code signing (to the best of my understanding) like this:
- When an iOS device is powered up, the processor starts executing a small startup program burned into read-only memory (the boot ROM) at the factory; no software update can alter it.
- The ROM program loads the first piece of the OS (the low-level bootloader) from mass storage (the flash memory chips) into main memory (RAM). It expects this piece of code to be signed, and verifies the signature using a public key that is itself embedded in the ROM. Only Apple holds the matching private key. If the signature checks out, the ROM program transfers control to that first piece; if not, it refuses to continue.
- The first piece loads the next pieces of the OS into RAM and verifies their signatures in the same way, against the same Apple key, before handing control to them.
- This process continues, each verified piece vouching for the next, until the entire OS is loaded and running.
- The running OS expects every app to carry a signature that chains back to Apple as well (App Store apps are signed by Apple; developer builds are signed with certificates Apple issues), and it will not install or run code that lacks one.
If this scheme is working correctly, the only way to jailbreak an iOS device would be to physically crack it open and replace the boot ROM (which is part of the main processor chip, not a separate part) with a custom one that accepts a non-Apple-signed, pirate version of iOS. Although a jailbreaker might conceivably manage that on a single device, what they want is an internet-distributable program that lets anyone jailbreak their own device with no physical modification required. That should be impossible, so how is it that any significant number of iOS devices are jailbroken at all?
Because of flaws. Like all hackers, jailbreakers look for unforeseen mistakes in Apple’s implementation of the security scheme described above: memory-corruption bugs and logic errors, either in the code that is supposed to perform the signature checks or in privileged code that runs after the checks have passed, by which an attacker can get code of their own running in a privileged mode and then switch the checks off for everything that follows. An operating system is an enormous beast, and eliminating all such flaws is very hard, especially when new features are being added to the OS regularly.
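As an added example (not code from the original article, and not Apple’s implementation), here is a small Go program that models the chain just described: a boot ROM holding only a public key, a series of signed stages in flash, and what happens when someone patches one stage or re-signs it with a key of their own. Its assumptions: a single Ed25519 key stands in for Apple’s root of trust; one verifier using the ROM’s key checks every stage, which for this purpose is equivalent to each stage checking the next with the same key; each image is hashed together with its slot name, a precaution the description above does not mention; and the image contents are constructed placeholder bytes, not real firmware.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link of the boot chain as stored in flash: the code image plus
// the signature that must verify before the image is allowed to execute.
type Stage struct {
	Name string
	Code []byte
	Sig  []byte
}

// ROM models the boot ROM: fixed at manufacture, it holds only the PUBLIC half
// of the vendor key. Assumption: one Ed25519 key stands in for Apple's real
// root of trust; the private half never leaves the vendor.
type ROM struct {
	PublicKey ed25519.PublicKey
}

// digest hashes the image together with its slot name, so a genuinely signed
// image cannot be replayed into a different slot (an added precaution).
func digest(name string, code []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator between name and code
	h.Write(code)
	return h.Sum(nil)
}

// signStage is the build-time step only the holder of the private key can do.
func signStage(priv ed25519.PrivateKey, name string, code []byte) Stage {
	return Stage{Name: name, Code: code, Sig: ed25519.Sign(priv, digest(name, code))}
}

// Boot walks the chain in order and halts at the first stage whose signature
// does not verify under the ROM's key. It returns the stages that were run.
func (r ROM) Boot(chain []Stage) ([]string, error) {
	var ran []string
	for _, st := range chain {
		if !ed25519.Verify(r.PublicKey, digest(st.Name, st.Code), st.Sig) {
			return ran, fmt.Errorf("stage %q: signature invalid, halting boot", st.Name)
		}
		ran = append(ran, st.Name)
	}
	return ran, nil
}

// cloneChain deep-copies a chain so one scenario's tampering cannot leak into another.
func cloneChain(in []Stage) []Stage {
	out := make([]Stage, len(in))
	for i, st := range in {
		out[i] = Stage{Name: st.Name, Code: append([]byte(nil), st.Code...), Sig: append([]byte(nil), st.Sig...)}
	}
	return out
}

// Scenario builds a genuine chain under a fresh vendor key and boots it three
// ways: untouched, with one byte of the kernel patched in flash, and with the
// patched kernel re-signed by an attacker's own key. Image bytes are constructed.
func Scenario() (genuineRan, patchedRan, resignedRan []string, err error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	rom := ROM{PublicKey: vendorPub}
	flash := []Stage{
		signStage(vendorPriv, "iBoot", []byte("bootloader image (constructed)")),
		signStage(vendorPriv, "kernel", []byte("kernel image (constructed)")),
		signStage(vendorPriv, "app", []byte("app binary (constructed)")),
	}
	genuineRan, _ = rom.Boot(flash)
	// Persist a patch to flash: flip one byte of the kernel, keep the vendor signature.
	patched := cloneChain(flash)
	patched[1].Code[0] ^= 0xff
	patchedRan, _ = rom.Boot(patched)
	// Without the vendor's private key, the attacker can only sign with a key of
	// their own, which the ROM's embedded public key does not match.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, nil, err
	}
	resigned := cloneChain(patched)
	resigned[1] = signStage(attackerPriv, "kernel", resigned[1].Code)
	resignedRan, _ = rom.Boot(resigned)
	return genuineRan, patchedRan, resignedRan, nil
}

func main() {
	g, p, r, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine:", g, "patched:", p, "re-signed:", r)
}
```

Run it with `go run`. The patched-kernel case is precisely the wall an untethered jailbreak has to get around: the modification sits in flash, so every boot re-checks it and halts. A tethered jailbreak sidesteps the check by leaving flash intact and patching only what is in RAM after a genuine boot, which is why it has to be redone after every restart.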
Tethered vs. Untethered
There are two kinds of jailbreaks: “tethered” and “untethered.” With a tethered jailbreak, the exploit has to be re-run from a computer over the USB cable every time the device restarts; without that step the device either will not boot at all or comes up without the jailbreak. With an untethered jailbreak, the jailbroken state survives a restart on its own. Naturally, jailbreakers prefer the untethered kind.
While any jailbreak relies on finding a flaw in the OS that allows takeover of the running system, an untethered jailbreak must also find a flaw somewhere in the boot chain, so that modified code stored in the flash memory gets executed at startup despite failing (or never receiving) a signature check. Finding such flaws in the startup process is much harder, and fixing them is much easier, because the startup code is a much smaller and simpler thing than the full OS. For this reason, I have high confidence that Apple will always be able to cause enough trouble for the creators of untethered jailbreaks to prevent them from delivering reliable, timely, untethered jailbreaks to the general public.
I have far less confidence that Apple can cause much trouble for tethered jailbreaking, because the entire OS would have to be flawlessly secured to accomplish that. But it doesn’t matter: if most members of the iOS-using public wouldn’t even consider a tethered jailbreak, then all Apple has to do to keep winning this war is to make life very difficult for the creators of untethered jailbreaks. Which they seem to be doing.
When the iPhone 5 was released, it took jailbreakers four months to figure out how to jailbreak it; then Apple promptly patched it so the jailbreak wouldn’t work. The latest version of iOS (8.1.3) has been out for the better part of a month with no jailbreak in sight. The only people who will put up with these kinds of delays and unreliability are people who have a dedicated hatred of the new world Apple is creating, a philosophical mental block against the idea that wild-west computing shouldn’t go on forever.
Winning
It’s hard to find anything like a consensus about what percentage of iOS users jailbreak their devices. But here’s a clue: When Apple released iOS 7, the user adoption rate reached 60% in about a week, whereas the first jailbreak wasn’t available for over three months. This strongly suggests that most people are plenty happy with the system Apple has created, and aren’t consumed with the craving to subvert it.
In about a decade, we will have seen a quarter-century of the locked-down iDevice — equalling the quarter-century of personal computing that preceded it. Does anyone really doubt that we will look back and say that a revolution was in the making? If you invest for the long term, consider this fair warning.
Update 2015.09.21 — Five days after iOS 9’s release, the cybersecurity startup Zerodium is openly offering $3 million for the discovery of untethered jailbreaks.
Update 2017.11.27 — Lead jailbreaking pioneers now say that iOS jailbreaking is effectively over.
Update 2019.09.28 — Flaw discovered in iPhone’s boot ROM that enables a (tethered) jailbreak which Apple presumably can’t block with any software update (but will be able to block in all future iPhones).
Update 2020.05.24 — Zero-day exploit enables hackers to release a new jailbreak of all recent iPhones, that works on even the most current version of iOS. However, “[t]he process of performing the jailbreak on an iPhone is a relatively lengthy procedure, with the number of steps required making it potentially daunting to most users,” and, “[i]t is unclear how long the jailbreak will be functional for, as Apple is highly likely to be working on discovering and fixing the vulnerability.” (One-week update: Vulnerability fixed by Apple.)
See also:
- A Secure Backdoor Is Feasible
- Method of Implementing A Secure Backdoor In Mobile Devices
- When Starting A Game of Chicken With Apple, Expect To Lose
- Make Your Own FBI iPhone Backdoor, Right Now
- Tim Sweeney Plays Dumb
- Apple Wants User/Developer Choice; Its Enemies Want Apple Ruin