The owners of smartphones based on Android and iOS sometimes enter into heated discussions. About the need to conduct operations with their devices with mysterious names root and jailbreak. No one bothers to translate them, but it is clear. That we are talking about some hacking actions with interesting consequences. In what they are good and bad, we now will understand.
Despite the different names. The essence of getting root-rights on Android-devices and carrying out jailbreak (literally – “jailbreak”) on the iPhone is very similar. On a new smartphone. Many actions with it can only be done by programs written by its manufacturer or OS maker. And all programs that you can download from the application store are limited in rights.
Root and jailbreak are nothing more than getting full administrative rights on the device. After which third-party programs can perform manipulations initially unreachable for them. For example, to control the processor frequency or to rewrite system files. Using specially written programs, a user can do absolutely anything with his smartphone, without being constrained by the manufacturer. Of course, with great power comes to a big responsibility – “absolutely everything”. Includes the unintended transformation of the smartphone into a “brick” and the installation of full-scale spyware.
Why do Root and Jailbreak
Let’s be honest – from half to nine-tenths of users hack their devices in order to positively put pirate toys. And other applications on them. This practice does not cause me any approval. But the motives of the rest of users are more noble and weighty enough.
First, applications with administrative rights can give the smartphone functionality, to which no manufacturer has thought of. For example, there is an application that changes the volume of the call depending on a number of conditions. For example, the perceived level of background noise through the microphone, camera image analysis, and gyro readings. From which it can be concluded that the device is in a bag or pocket.
Secondly, flexible application management functions. One of the most famous applications on Android, which requires root, is a fully-fledged and flexible “time machine” Titanium Backup. Greatly simplifying the transfer of data from the old smartphone to a new one. Or allowing you to return the previous version of the application if the new version works worse.
Third, the new security features. But about this in a separate subsection.
Getting Root and Jailbreak
Administrative rights on Android-smartphone can be obtained with the approval of the manufacturer. Usually, it is done this way. On the manufacturer’s website, you need to inform the unique number (IMEI) of your smartphone. And also download a special application. It “unlocks” the bootloader to the smartphone. Allowing you to load into it a modified operating system that gives the user full rights. Sounds difficult? Yes, it’s not for nothing. That such unlocked smartphones get the status of “device for the application developer”. And also are removed from the warranty.
Therefore, often users and hackers-enthusiasts go the other way. They are looking for vulnerabilities in the firmware of the smartphone. Through which you can get the same access without contacting the manufacturer. This is very similar to how malicious applications use vulnerabilities in your browser for secretly automatically installing on a computer. To get root through the vulnerability, you need to either connect the smartphone cable to the computer. And also run a special application or run the program directly on your smartphone. After a few minutes, the smartphone will reboot and will be “junked”. More this procedure is not required.
“Jailbreak,” or jailbreak, on iOS is also based. On the exploitation of vulnerabilities. Usually, hacking is done using the application on the computer and connecting the smartphone cable. But there were ways and simpler. At one time, the Jailbreakme website was wildly popular. Which exploited a vulnerability in Safari and allowed to get full access to its iPhone / iPad in one touch. It was necessary to go to the site from the device and press the button “Jailbreak me”. Then Apple patched the hole and took the site developer to its team. Quite reasonable.
The use of Root and Jailbreak for protection
Applications that use administrative functions can protect a smartphone or tablet in fundamentally new ways. For example, the standard Android-smartphone is deprived of a firewall (firewall), or rather is built into the system. But it allows everyone and everything and everything uncontrollably. Only an application with Root status can write new rules to the firewall, limiting. For example, a number of applications access to the Network in roaming.
In iOS new versions, there is a system that allows you to flexibly control. Which types of personal data (photos, contacts, location) each application has access to. In Android, such a system of permissions, too, is there, but the user does not have flexible control. He sees the entire list of permissions before installing the application, but if he does not like something. You can only refuse the installation. Compensate for this can apply that flexibly manage the individual permissions of an already installed application. In other words, the program can select a right, for example, the right to determine your location. If you think that it does not need it.
And for iOS, and Android applications with administrative rights can have additional “anti-theft” functionality. So, in Cydia for iOS, there are anti-war applications that take pictures of a thief. When he looks at the lock screen. And also in Android – programs sewing themselves into the device’s permanent memory. And also surviving when returning settings to factory ones. It is because of this risk that most application vendors, including Kaspersky Lab in their Kaspersky Mobile Security. Do not use functions that require root/jailbreak.
Troubleshooting Root and jailbreak for protection
A number of applications regard the presence of root/jailbreak as a security risk. And refuse to work on an unlocked smartphone. These include many applications of the class MDM (Mobile Device Management). Allowing you to view working documents and mail on your personal smartphone. Also, mobile applications of some banks disable most of the functions on the hacked device. A similar solution for developers can be understood.
In addition to the already mentioned opportunity to do “under the hood” of cases. Turning a smartphone into an expensive and lifeless plastic bar. Root and jailbreak create new security threats.
First, the application that has received administrative access leaves the “sandbox” for applications. And also its claimed functions, the permissions received by it no longer play a role. It will be able to do whatever it pleases, including reading and sending files from other applications. Keeping an eye on the owner, secretly including the microphone, and so on.
Secondly, applications for working with a “jailbreak” or a “Jail”. The smartphone is usually written by amateurs or small groups of amateurs. So they are more likely to encounter sloppy code that contains their own vulnerabilities. And another, outwardly decent application without requests for suspicious rights can. By means of such vulnerability get administrative access on the smartphone.
Thirdly, a number of system changes that are made to the configuration of the smartphone during hacking. Maybe a gift for the hacker – jailbreak makes most iPhone models available for remote control. Since the password on all devices is the same.
Security is not guaranteed
Considerations for Root and jailbreak damage are very significant but do not assume. That by avoiding these procedures, you guarantee your safety. Hackers can take advantage of a vulnerability on your smartphone and get their administrative rights for their malicious application. Without resorting to intermediate programs like SuperSU. The hacked and non-broken smartphone is the same in this. The most striking example of this is the already mentioned site Jailbreakme.com. If its creator was a villain, he could use the same vulnerability not for distributing the Jail to everyone. But for secretly installing spyware. An entertaining site with the promise of reading someone else’s SMS or another computer miracle. The same button, but with the inscription “Get Access” – and voila! We do not know about such cases.
A more tangible difference between a hacked and unbraked smartphone lies in the plane of service. That is maintenance by the manufacturer or operator. It is up to you to decide whether it’s worth it. But regardless of the decision taken, additional protection for your smartphone, such as Kaspersky Mobile Security, is not a problem.