Security in Mobile Application Part 2 (Jailbreak Devices)

Abhishek Singh, published in System Weakness, Dec 19, 2021 (5 min read)


Hi Everyone,

This is the third article in our series on security in mobile applications. In the earlier articles we discussed HTTPS communication and how it can be bypassed by a man-in-the-middle attack; the second article built on that with certificate pinning.

If you need to know more about how HTTPS works and the difference between HTTPS and HTTP, please follow the link below:

One of the ways HTTPS communication can be defeated is a man-in-the-middle attack, which was the subject of our second article, on certificate pinning. It can be accessed at the link below:

The topic of this article is jailbroken devices and the security threat they pose to users.

Things we are going to cover in this article are:

What are jailbroken devices?

What security challenges we could face if a device is jailbroken.

How do we know if a device is jailbroken?

Steps to prevent security problems on jailbroken devices.

What are jailbroken devices:

Apple and Android impose restrictions on a device to keep it secure, or to enforce a standard set by the vendor. If users want more access to the device, they can remove those restrictions. Once the device is jailbroken, the root file system becomes accessible; that is why such devices are also called rooted devices. On a jailbroken iOS device we will usually find the Cydia app installed.

So, from the above, we can say that a jailbroken device is one where all restrictions have been removed and the user can download any file or app onto the device, or perform any action that a normal device would not allow.

What security challenges we could face if a device is jailbroken:

A jailbroken device gives root access to the system files, which an attacker can manipulate with ease. An attacker can install their own certificate on the user's device, or install a tracking program on the jailbroken device to steal important files and user information from it.

How do we know if a device is Jailbroken:

Before building any application, one must check whether the device is jailbroken. Now I am going into the coding part for identifying whether the device is jailbroken. This code is for an iOS application; if you want the equivalent for an Android device, please let me know in the comment section.

Let’s go into some of the coding parts of it:

1. First, we need to check whether the Cydia URL scheme is available, using the code below:

The code in the screenshot above tries to open the Cydia URL; if the URL can be opened, the device is rooted. The second screenshot shows the callback being received, at which point the developer needs to take appropriate action.

2. If a device is rooted/jailbroken, we should have access to the root files. So let's try to access some of them:

This is straightforward code: we take some of the private directories and try to access them. If we manage to do so, the function returns true and we need to take appropriate action.

3. Try to write to files located in the root directories, outside the app sandbox:
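The three checks above, written out in Swift as an added example; this is not the code from the article's screenshots. The list of paths and the probe file name are assumptions, and `cydia` must be listed under `LSApplicationQueriesSchemes` in Info.plist or `canOpenURL` will always report false on iOS 9 and later.

```swift
import UIKit
import Foundation

/// Added example: the three jailbreak checks in the order the article presents them.
enum JailbreakDetector {
    // Step 1: can the Cydia URL scheme be opened?
    static func hasCydiaScheme() -> Bool {
        guard let url = URL(string: "cydia://package/com.example.package") else { return false }
        return UIApplication.shared.canOpenURL(url)
    }

    // Step 2: are files that only exist on a jailbroken device visible to us?
    // Assumed list; the sandbox should block the app from seeing any of these.
    static let suspiciousPaths = [
        "/Applications/Cydia.app",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/bin/bash",
        "/usr/sbin/sshd",
        "/etc/apt",
        "/private/var/lib/apt/",
    ]

    static func canAccessSuspiciousPath() -> Bool {
        let fm = FileManager.default
        return suspiciousPaths.contains { fm.fileExists(atPath: $0) }
    }

    // Step 3: can we write outside the sandbox? A sandboxed app gets an error here.
    static func canWriteOutsideSandbox() -> Bool {
        let probe = "/private/jailbreak_probe_\(UUID().uuidString).txt"  // assumed name
        do {
            try "probe".write(toFile: probe, atomically: true, encoding: .utf8)
            try? FileManager.default.removeItem(atPath: probe)  // clean up on success
            return true
        } catch {
            return false
        }
    }

    /// True if any of the three checks succeeds. The simulator is not sandboxed
    /// the same way, so it is excluded to avoid false positives during development.
    static func isJailbroken() -> Bool {
        #if targetEnvironment(simulator)
        return false
        #else
        return hasCydiaScheme() || canAccessSuspiciousPath() || canWriteOutsideSandbox()
        #endif
    }
}
```

These checks run inside the app, so on a jailbroken device they can themselves be hooked; treat a positive result as a signal to act on, not as proof.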

The steps above are enough to determine whether the device is rooted.

Steps to prevent security problems on jailbroken devices:

Once we know a device is jailbroken, we can implement the following safety checks in our application to protect user data.

1. Show a warning screen alerting users that they are using a jailbroken device, which might cause a security issue. My suggestion as a developer is that we shouldn't let the user continue with the application if it is for a financial service like banking. For all other applications, a single warning screen will be sufficient.

2. Sensitive user information must be saved in the Keychain, encrypted.

3. No sensitive user data or secret should be part of the codebase. All such information should come from a configuration file or be injected via an environment variable.

4. During development we generally use print statements to log and understand the behaviour of an application. But if those logs fall into the hands of a hacker, they can give away a lot of information. So we must make sure that such logging is not part of the release build and is only available during development.

5. We should restrict the use of third-party libraries, and if we have to use one, we must complete a security review of it before adopting it.
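Points 2 and 4 in Swift, as an added example that is not from the article: a small Keychain wrapper using the Security framework, and a logging helper that is compiled out of release builds. The service name is an assumption.

```swift
import Foundation
import Security

/// Added example: store secrets in the Keychain (point 2) with device-bound accessibility.
enum SecretStore {
    static let service = "com.example.app"  // assumed service name

    /// Saves `value` under `account`, replacing any existing item.
    /// ThisDeviceOnly keeps the item out of backups and off other devices.
    static func save(_ value: String, account: String) -> Bool {
        guard let data = value.data(using: .utf8) else { return false }
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
        ]
        _ = SecItemDelete(query as CFDictionary)  // drop any stale copy first
        var attrs = query
        attrs[kSecValueData as String] = data
        attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let status = SecItemAdd(attrs as CFDictionary, nil)
        debugLog("keychain add for \(account) returned \(status)")
        return status == errSecSuccess
    }

    /// Reads the item back, or nil if it is missing or unreadable.
    static func load(account: String) -> String? {
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecReturnData as String: true,
            kSecMatchLimit as String: kSecMatchLimitOne,
        ]
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
              let data = item as? Data else { return nil }
        return String(data: data, encoding: .utf8)
    }
}

/// Point 4: the call sites stay, but the output is compiled out of release builds.
/// The autoclosure means the message string is never even built in release.
@inline(__always)
func debugLog(_ message: @autoclosure () -> String) {
    #if DEBUG
    print("[debug] \(message())")
    #endif
}
```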

We must understand that, as developers, we need to make it extremely difficult for any hacker trying to attack our system. There are other things we can do to enhance the security of our application, which we will discuss in an upcoming article.

Our next article will be on multi-factor authentication. If you want to know more about this, please visit the article below:

This is all for this article. I’ll see you in our next article😊.
