Bug #22301

[External Audit Findings][iOS] No Jailbreak Detection

Added by yap chekying about 1 month ago. Updated 13 days ago.

Status: Closed
Start date: 29 July 2025
Priority: Low
Due date:
Assignee: yap chekying
% Done: 100%
Category: -
Spent time: -
Target version: -

Description

Issue:
Jailbreaking is the process of gaining administrative or privileged access to the iOS OS. Without jailbreak detection, attackers may access sensitive information from the app running on the device.

Recommendation from pentester:
Developers must detect whether the application is running on a jailbroken device.

Please refer to the attached Excel file for details.

Copy of Audit Findings - Silver lake - ver2.xlsx (5.15 MB) yap chekying, 29 July 2025 10:05 AM

522583256_743120614740940_2149297946710618408_n.jpg (73.7 KB) He Xi Yeo, 29 July 2025 10:24 AM

RE OCBC Business Mobile app Audit Findings - July 2025.msg (364 KB) yap chekying, 06 August 2025 11:08 AM

History

#1 Updated by He Xi Yeo about 1 month ago

Added more rigid jailbreak detection.

#2 Updated by yap chekying about 1 month ago

#3 Updated by yap chekying about 1 month ago

  • Status changed from Pending UAT to Pending PROD

#4 Updated by yap chekying about 1 month ago

Need to add the AppCamo framework into the source code in the next release.

Integrated AppCamo and conducted testing on a jailbroken device in both debug and distribution modes. However, in both scenarios, jailbreak detection was unsuccessful. Therefore, need to have a discussion session with the AppCamo vendor to further investigate this issue.

In the meantime, implemented a jailbreak detection method for iOS, which has proven effective—test device was able to detect jailbreak access successfully. This method has already been included in the latest TestFlight build, so will release in this release first.

#5 Updated by yap chekying 13 days ago

  • Status changed from Pending PROD to Closed

Released to production
