Jailbreak detection with jail-monkey on React Native app

Mobile device operating systems often impose certain restrictions to what capabilities the user have on the device like which apps can be installed on the device and what access to information and data apps and user have on the device. The limitations can be bypassed with jailbreaking or rooting the device which might introduce security risks to your app running on the device so you might want to detect if your app is run on jailbroken device.

Jailbreak detection

Detecting and possible acting regarding the device status can be beneficial depending on your app features. The reason for detection is to either disable some, or most of the app's functionalities due to security concerns that come from a jailbroken system. You might want to e.g. prevent jailbroken devices from authenticating to protected applications. There are different methods to use and one of the easiest is to use libraries like jail-monkey.

Overall the jailbreak detection is based on several different aspects on the device which: file existence checks, URI scheme registration checks, sandbox behavior checks, abnormal services and dynamic linker inspection.

jail-monkey is a React Native library for detection if a phone has been jail-broken or rooted for iOS and Android. (note: the library is not actively maintained)

Are users claiming they are crossing the globe in seconds and collecting all the Pokeballs? Some apps need to protect themselves in order to protect data integrity. JailMonkey allows you to:

  • Identify if a phone has been jail-broken or rooted for iOS/Android.
  • Detect mocked locations for phones set in "developer mode".
jail-monkey

Using jail-monkey is straightforward and after adding the library to your app the only unanswered question is what you want to do with the information. Do you block the app from running, limit some features or just log the information to e.g. Sentry or some analytics platform.

import JailMonkey from 'jail-monkey'

if (JailMonkey.isJailBroken()) {
  // Alternative behaviour for jail-broken/rooted devices.
}

jail-monkey answers to following questions:

  • can the location be mocked?
  • is the device in debug mode?
  • is the device jailbroken?
  • on iOS the reason for jailbroken
  • on Android: i.a. adb enabled, development settings mode

You show the jailbreaking status for example as a banner in the app:

Jailbreak detected!

Is it worth it?

Implementing jailbreak detection is easy but you might want to consider if it brings anything of value. Jailbreaking an iOS device does not, on its own, make it less secure but it makes harder to reason about the security properties of the device and more concerning issue is that users of jailbroken devices frequently hold off on updating their devices, as jailbreak development usually lags behind official software releases.

Jailbreak / root detection is never perfect and more or less hinders only the less technology savvy users and these kinds of checks don't contribute too much to the security side. Also it can result in false positives as jail-monkey's issue tracker shows. Hackers are usually one step ahead than detection mechanisms so relying on the jailbreaking status should be taking with a grain of salt.

Bypassing different jailbreak detection secure mechanisms is just a matter of effort as the guide for bypassing jail-monkey and jailbreak detection bypass articles show. There's also ready made tools for iOS like iHide. So if you seriously plan to detect and secure your app against jailbreaking you should implement your own tools or use some custom made library.

If you want to read more about jailbreak detection Duo has written a good analysis of jailbreak detection methods and the tools used to evade them.

Leave a Reply

Your email address will not be published. Required fields are marked *