Last summer we were warned that Apple was going to create a ‘killswitch’ to disable the iphone if a jailbreak was detected.  But then the Copyright Office ruled that jailbreaking was in fact legal. So, what about this remote killswitch? Was Apple concerned about a lawsuit from jailbreakers? They did not say Apple could not have the switch, simply that it was legal to do it. So its was assumed the API call would continue to be there and thus we would have to load a special script to fool the OS into thinking either API works, or that the OS was not jailbroken.

Well non of that may matter now because unannounced, Apple has dropped access to a jailbreak detection API. No announcement much less explanation, but according to networkworld, its gone from 4.2.

One possibility is writing something to detect if an OS has been compromised is not a simple task.  There has already been talk about how to get around this check and if you are selling a security measure that is not all that secure, you could be making this worse.  Imagine I ‘believe’ all my iphones in my corporate deployments are secure because my API call returns an all clear, but someone did jailbreak and cloak the compromise, and then causes havoc within my internal system?  Undetected!  This is worse then assuming my phones are unsecured and putting systems in place to guard against this threat.

I would not in anyway assume Apple is not going to continue to build in corporate tools to better remotely control the iphone as is commonly done with RIM Blackberry, but we are seeing that nothing is as  easy or a simple as you think when you do not build it from the ground up.

Leave a Reply

Your email address will not be published. Required fields are marked *