Lack of Jailbreak/Root Check in iOS
Play iOS Labs on this vulnerability with SecureFlag!
Prevention
Apple (and, by extension, iOS) does not have built-in methods for detecting such device intrusions; therefore, we need to develop some of our own. Luckily swift has many ways to check for files and attempt to do things only a jailbroken device could do.
We can use the swift FileManger to check for the existence of files that could only be stored on a Jailbroken device.
FileManager.default.fileExists(atPath: "/bin/bash")
FileManager.default.fileExists(atPath: "/Applications/Cydia.app")
We can also attempt to call the Cydia URL handler and see if it opens, indicating that it is on the system even if not in the standard location:
UIApplication.shared.canOpenURL(URL(string:"cydia://package/com.example.package")!
Finally, we can attempt to write privileges on the system where the app should not be able to write to:
stringToWrite.write(toFile:"/private/testFile.txt", atomically:true, encoding:String.Encoding.utf8)
However, remember that this is a best-effort endeavor, so much so that it is perhaps more apt to switch terms and adopt “root indication” instead of “root detection”. We can test all of the above lines of code for success or fail conditions and therefore act on the result.
Also, note that in a real-world application, any root detection approach should be paired with strong anti-tampering protection to avoid the attacker patching the application and removing the jailbreak check becoming an issue.