Jailbreak Detection
| Plan | Platforms | MASVS |
|---|---|---|
| Free | iOS | MASVS-RESILIENCE-1 |
Overview
Jailbreak Detection identifies iOS devices where Apple's normal security restrictions may have been weakened or removed. Jailbroken devices can expose app data outside the sandbox, allow runtime modification, bypass code-signing assumptions, and make other app-shielding controls easier to attack.
When jailbreak risk is detected, AppTego applies your configured response. Teams can log the event, warn the user, restrict sensitive features, redirect to guidance, or close the app.
When To Use It
Use this control for:
- Banking, payments, wallets, healthcare, identity, government, or enterprise apps.
- Apps handling regulated data or high-value account actions.
- DRM, paid content, licensing, or anti-cheat enforcement.
- Any iOS app where local device compromise materially changes risk.
How It Works
The protected app evaluates multiple categories of iOS device-integrity indicators during initialization. Signals include filesystem, sandbox, runtime, and environment behavior associated with jailbroken devices and jailbreak tooling.
AppTego intentionally does not publish exact artifact lists, API probes, signature names, or execution order. Those details are protection logic and may change as jailbreak techniques evolve.
How to Enable the Control
Navigate to Detection & Response in the AppTego portal and expand the Device Compromise Detection section, where you will find the Jailbreak Detection control. Click Enable Configuration, choose the response action, and save the configuration. It is applied in the next build, or with a live push if that is enabled.
API Configuration Example
```json
{
  "JailbreakDetectionResponse": {
    "detection": true,
    "protection": false,
    "action": "exit",
    "title": "Security Alert",
    "message": "This app cannot continue on a modified iOS device.",
    "buttons": ["OK"],
    "actions": ["exit"],
    "redirects": [""]
  }
}
```
| Field | Purpose |
|---|---|
| detection | Enables or disables jailbreak detection. |
| protection | Included for schema consistency with other controls. |
| action | Selects the response style, such as exit, alert, log, or warn. |
| title / message | User-facing text shown when a response is displayed. |
| buttons / actions / redirects | Defines the available response buttons and their outcomes. |
Compatibility Notes
- No jailbreak detection can guarantee coverage against a fully controlled device.
- Internal testing on jailbroken devices should use a development configuration or logging response.
- Some security research workflows intentionally use jailbroken devices. Choose a response that matches your policy for research, QA, and production builds.
- Pair this control with Hooking Detection, Debugger Detection, App Tamper Detection, and Apple App Attest for stronger iOS coverage.
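
The following is an added example, not AppTego's own code: a pre-build lint for the JailbreakDetectionResponse configuration that enforces a different response policy for QA and production builds, as the compatibility notes recommend. The policy table, the function name, the restriction to the four action values named on this page, and the treatment of buttons, actions and redirects as parallel arrays are all assumptions.

```python
import json

# Assumption: only the four action values named on the page are accepted here.
KNOWN_ACTIONS = {"exit", "alert", "log", "warn"}
# Hypothetical team policy (not AppTego's): actions each build type may ship with.
POLICY = {
    "production": {"exit", "alert", "warn"},  # must respond to detection, not only log
    "qa": {"log"},                            # testers on jailbroken devices are not blocked
}

def lint_jailbreak_config(raw, build):
    """Return a list of problems found in a JailbreakDetectionResponse document."""
    try:
        cfg = json.loads(raw)["JailbreakDetectionResponse"]
        if not isinstance(cfg, dict):
            raise TypeError("JailbreakDetectionResponse is not an object")
    except (ValueError, KeyError, TypeError) as exc:
        return [f"unreadable config: {exc!r}"]
    problems = []
    # Policy assumption: every linted build is expected to have detection enabled.
    if cfg.get("detection") is not True:
        problems.append("detection must be the boolean true")
    action = cfg.get("action")
    if action not in KNOWN_ACTIONS:
        problems.append(f"unknown action {action!r}")
    elif action not in POLICY[build]:
        problems.append(f"action {action!r} not allowed for {build} builds")
    # Assumption: one entry per button in each of the three arrays.
    lists = [cfg.get(k) for k in ("buttons", "actions", "redirects")]
    if not all(isinstance(v, list) for v in lists):
        problems.append("buttons, actions and redirects must all be arrays")
    elif len({len(v) for v in lists}) != 1:
        problems.append("buttons, actions and redirects differ in length")
    return problems

# Constructed inputs: the page's example, and a log-only variant with a stray button.
PAGE_EXAMPLE = '''{"JailbreakDetectionResponse": {"detection": true, "protection": false,
  "action": "exit", "title": "Security Alert",
  "message": "This app cannot continue on a modified iOS device.",
  "buttons": ["OK"], "actions": ["exit"], "redirects": [""]}}'''
LOG_ONLY = '''{"JailbreakDetectionResponse": {"detection": true, "protection": false,
  "action": "log", "title": "", "message": "",
  "buttons": ["OK", "Help"], "actions": ["exit"], "redirects": [""]}}'''

if __name__ == "__main__":
    for name, raw, build in [("page example", PAGE_EXAMPLE, "production"),
                             ("log only", LOG_ONLY, "production")]:
        print(name, build, lint_jailbreak_config(raw, build) or "ok")
```

Running the lint in CI for each build flavor catches a logging-only configuration before it reaches a production build, and a blocking configuration before it reaches QA devices.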