Jailbreaking: Valuable Shortcut or Dangerous Practice for Mobile Developers

Jailbreaking - exploiting vulnerabilities in the iOS to thwart technological protections instituted by Apple and gain root access to the iOS operating system - has been a tool for developers and testers (and savvy users) almost as long as the mobile iOS has existed (since 2007, according to publish reports). Its popularity has risen and fallen (based largely on how well it works), but it has always had a devoted and fairly considerable following.

For example, in December 2012, an article published online proclaimed that jailbreaking was waning and trumpeted the reasons for its impending demise. A few months later (February 2013), CNET reported that seven million people had downloaded a new iOS jailbreak, Evasi0n, and the tables appeared to have turned for jailbreaking and the tools that support it. 

This year, things got really interesting when a jailbreak for “un-jailbreakable” iOS7 turned up from known jailbreak master Joshua Hill (P0Sixninja). As it turned out, the jailbreak was a hoax. Hill quickly disclaimed any responsibility for it, and those who downloaded it were introduced to a nasty piece of malware that infested their devices with ads. 

This latest episode underscores the point of this article - that jailbreaking has as many (if not more) bad outcomes as good ones. Sure, jailbreaking allows techies to get around Apple’s security fortress and test/run third-party apps, themes, extensions and other add-ons that do not have the blessing of Apple or the Apple App Store. 

However, as my company, Orasi, revealed earlier this year in a white paper published on its web site, jailbreaking can have consequences that far outweigh the benefits. 

 Apple tells users that jailbreaking lowers battery life and can cause app and system instabilities. That doesn’t sound very troublesome, in my opinion, which is why I think the jailbreaking community continues to play this game. 

Here are a few of the reasons I think it’s a bad idea.

- Software unsupported by the Apple store is more likely to leak location and other information, so testers should be very circumspect about any unsupported (by Apple) software they download.

- Furthermore, jailbroken devices are more susceptible to being attacked by malware. If any malware infects the phone, it may be able to harvest sensitive information that was stored on the phone during testing. It is also easier for cyber-attackers or their malware to attack the corporate network on a jailbroken device. 

- Once jailbroken, a device is no longer covered by the Apple warranty. 

- Jailbroken devices are not 100% reliable for traditional use.    

- Jailbreaking tools often acquire their own collection of half-baked or unstable apps and tweaks, further compromising security and reliability.

- Jailbreaks often take weeks or even months to become available after the commercial operating system release. This means testers can’t certify their applications for new OS releases until well after customers have already upgraded, increasing the risk that customers will encounter the incompatibilities before the test team finds them.

In my experience, testers are particularly fond of jailbroken devices. In the past, this approach has been somewhat valid, because there are a handful of tests (such as track-based tests) where automation wasn’t possible without a jailbreak, forcing companies to result to expensive and time-consuming manual testing.

However, an increasing number of reputable automation tools no longer require jailbreaking. When automation tools fail, there are often manual workarounds for tests that a resolute tester can use. It may take a little ingenuity, but it’s entirely possible to avoid jailbroken devices almost completely.

Only when there really is no possible alternative should testers use jailbroken devices. When those instances arise, the devices should be used only for those tests and then retired to the shelf until they are needed again for a similar reason.

Until now, this article has talked about iOS exclusively, but you’re probably familiar with the related approach for Android - “rooting” the device. Since Android devices run on open OSs and their bootloaders are usually not locked against OS modifications, rooting is even easier than jailbreaking. 

That may lead developers and testers to take it more lightly. The Internet is full of stories from “rube” users crowing about their successful Android roots.

Despite the ease with which nearly anyone can root their Android device, I encourage testers to approach it with caution, because rooting also can expose devices, apps and data to being compromised by malware. It can make devices unstable and it likely will void a manufacturer’s warranty. In short, rooting on Android has all of the same drawbacks as jailbreaking on iOS.

Like overclocking and any number of geek tweaks, we recommend against rooting and jailbreaking when there are any other reasonable alternatives. Even when avoiding these tricks takes a little more time or effort, the trade-off is worth it, especially if your company’s (or client’s) revenues are involved.