Apple + Security & Privacy

Apple Bans iPhone App That Warned If You Had Been Secretly Hacked

Posted on May 16th, 2016 by

Jailbreak detection app banned

Apple has banned a top-selling iOS app that raised the alarm if it determined your iPhone or iPad had been jailbroken without your knowledge.

The app, "System and Security Info," was only released a week ago and made its way rapidly to the top of the paid-for app charts, outselling the likes of Minecraft and Grand Theft Auto.

I don't think anyone really expected System and Security Info to maintain a lead over such popular, heavyweight video games for long, but I certainly didn't anticipate Apple throwing it out of the iTunes Store quite so quickly either.

App not found

System and Security Info is developed by noted security researcher Stefan Esser who has made a name for himself by uncovering zero-day vulnerabilities in Apple's code, and for his low opinion of the quality of Apple security.

Over the weekend, Esser posted on Twitter that his app had been banned, because (in Apple's words):

"[T]here is no publicly available infrastructure to support iOS diagnostic analysis. Therefore your app may report inaccurate information which could mislead or confuse your users."

Esser, of course, is unimpressed with that ruling:

"It basically says: we do not want our users to have the impression iOS could have security holes. go away."

You can certainly understand the viewpoint of Esser and those iOS users who bought his app (declaration: I'm one of them). Apple's position seems to be that, because it hasn't provided any accurate official way for users to check if their devices are secure, they are not going to allow any apps to suggest that devices might not be secure.

Stefan EsserAnd seeing as Esser has found countless Apple-related vulnerabilities over the years (some of which, he contends) the company still hasn't fixed properly, I feel inclined to trust him that he knows what he's talking about (even if I don't always agree with how he goes about saying it).

After all, if there was even a 1% chance that my iPhone might be jailbroken I would prefer to know about it rather than left in the dark, oblivious to the possible threat.

In a later tweet, the clearly-riled Esser makes clear that he believes he is being singled out by Apple, pointing out that others (such as security firm G DATA) still have apps available for download from the iOS App Store that offer jailbreak detection.

The ideal solution, of course, would be if iOS itself shipped with code that warned users if their devices had been jailbroken, and might have fallen victim to a hacker, jealous partner or stalker who wants to track an individual's online activities and location.

If Apple were to provide such a utility, and coded it effectively, then there would hopefully be no need for a tool from a third-party like Esser.

And there's another takeaway from this spat between Apple and this security researcher. On three occasions (due to bug fixes, and so forth) the System and Security Info app went through Apple's review process without any concerns being raised about its ability to detect jailbreaking.

It was only on the fourth occasion, and after the app raced to the top of the charts, that it was summarily booted out on the pretext of its core functionality.

In Esser's eyes, it's clear that Apple's review process is falling short:

"I hope media takes away the important fact: there is no chance at all the AppStore review process will stop anyone from smuggling stuff in."

Do you think Apple is right or wrong to ban the System and Security Info app? Leave a comment below with your point of view.

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley. View all posts by Graham Cluley →
  • Mark Jacobs

    Frankly, I am surprised that I’m the first commenter here! Surely Apple must realise that, if you get a guy like Esser riled, he is going to get revenge on Apple in some form or other. Perhaps a demonstrable security hole that he releases to the public without telling Apple first. Perhaps by sneaking a cleverly-hidden trojan into their app store. It is in Apple’s interest to work with him, not against him!

  • http://Mac-Security.blogspot.com Derek Currie

    I see this as a PR issue for Apple. When the (probably innocuous) app hit the top of the charts, that triggered concerns by the PR people at Apple, as opposed to those testing apps for approval. Apple doesn’t want anyone concerned that their iOS device could be surreptitiously jail broken without their knowledge.

    However, I’d still be interested in how often secret jail breaking is accomplished and how it is done. If this really is a non-issue, I can see why Apple would want to squelch what amounts to urban legend mongering.

    Regarding Apple security: Anything that convinces Apple to take security more seriously is fine with me. If this app spurs them to take another look at jail breaking and stopping it, great! In that respect, thank you Stefan Esser, as ever!

  • http://www.anthonymaw.com/ Anthony Maw

    Looked at another way: The NSA wants to maintain it’s ability to secretly hack into iPhones without user’s suspicion. Apple+NSA are good bed-buddies given the proliferation of iOS devices. Cook probably under US federal gag-order (“talk and go to jail”) when it comes to these things so the truth is hard to come by.

  • Marvin Slatkin

    The only criteria should be: Does it work? I assume that every OS update is a security update. They come frequently. A program that sniffs out potential malware would be welcome. I would love Apple to encourage, approve, set standards and deploy this in updates.