Block App Access on Jailbroken, Developer Mode Enabled, or Rooted iOS Devices #55
Description
Description:
To enhance application security and prevent misuse, we need to restrict access to the app on compromised iOS devices.
This includes:
- Jailbroken iPhones
- Devices with Developer Mode enabled
- Rooted or otherwise tampered iOS environments
Problem Statement:
Running the app on jailbroken or developer-enabled devices increases the risk of:
- Reverse engineering
- Runtime manipulation
- Bypassing security controls
- Data extraction
- Unauthorized API access
Currently, the app does not actively block or restrict access on such devices.
Proposed Solution:
Implement runtime integrity checks to detect:
-
Jailbreak indicators:
- Presence of known jailbreak file paths (e.g.,
/Applications/Cydia.app) - Writable system directories
- Suspicious dynamic libraries
- Presence of known jailbreak file paths (e.g.,
-
Developer Mode detection (iOS 16+)
-
Debugger attachment detection
-
Unauthorized code injection
If any of the above conditions are detected:
- Prevent user login
- Display a security warning message
Acceptance Criteria:
- App blocks access on jailbroken devices
- App blocks access when Developer Mode is enabled
- Detection cannot be trivially bypassed
- False positives are minimized
- Security event logging is implemented
Additional Notes:
Consider leveraging:
- Apple’s DeviceCheck / App Attest APIs
- Runtime integrity verification
- Anti-debugging techniques
- Obfuscation for detection logic