From Wikipedia, the free encyclopedia - View original article
iOS jailbreaking is the process of removing limitations on iOS, Apple's operating system on devices running it through the use of software and hardware exploits; such devices include the iPhone, iPod touch, iPad, and second-generation Apple TV. Jailbreaking permits root access to the iOS file system and manager, allowing the download of additional applications, extensions, and themes that are unavailable through the official Apple App Store. Jailbreaking is a form of privilege escalation, and the term has been used to describe privilege escalation on devices by other manufacturers as well. The name refers to breaking the device out of its "jail", which is a technical term used in Unix-style systems, for example in the term "FreeBSD jail". A jailbroken iPhone, iPod touch, or iPad running iOS can still use the App Store, iTunes, and other normal functions, such as making telephone calls.
One of the reasons for jailbreaking is to expand the feature set limited by Apple and its App Store.[dubious ] Apple checks apps for compliance with its iOS Developer Program License Agreement before accepting them for distribution in the App Store. However, their reasons for banning apps are not limited to safety and security and may be construed as arbitrary and capricious. To access the list of banned apps, users rely on jailbreaking to circumvent Apple's censorship of content and features. Jailbreaking permits the downloading of programs not approved by Apple, such as customization apps used to change the User Interface.
Since software programs available through Cydia are not required to adhere to App Store guidelines, many of them are not typical self-contained apps but instead are extensions and customizations for iOS and other apps. Users install these programs for purposes including personalization and customization of the interface, adding desired features and fixing annoyances, and making development work on the device easier by providing access to the filesystem and command-line tools. Many Chinese iPhone owners jailbreak their phones to install third-party Chinese character input systems because they are easier to use than Apple's.
Jailbreaking also opens the possibility for using software to unofficially unlock carrier-locked iPhones so they can be used with other carriers. Software-based unlocks have been available since September 2007, with each tool applying to a specific iPhone model and baseband version (or multiple models and versions).
On July 15, 2011, Apple released a new version of iOS that closed the exploit used in JailbreakMe 3.0. The German Federal Office for Information Security had reported that the "critical weakness" uncovered by JailbreakMe meant that iOS users could potentially have their information stolen or unwillingly download malware by clicking on maliciously crafted PDF files. Before Apple released a fix for this security hole, jailbreak users had access to a fix published by the developer of JailbreakMe.
After "jailbreaking" their iPhone, owners can access almost unlimited customization, allowing for better control of the phone's settings, like the user interface, and color scheme. For iPhone users, this is the solution to the iPhone's restrictions, making it possible to allow similar customization like Google's operating system, Android. But, the amount of customization that is available through jailbreaking is far more advanced than Android, or any other stock operating system. The reason is that Android tends to be much more customizable and open even without rooting, while iOS requires jailbreaking for anything outside of the stock interface. With sufficient knowledge of computer programming it is also possible to run different operating systems, such as windows 8, on IOS devices.
The first iPhone worm, iKee, appeared in early November 2009, created by a 21-year-old Australian student in the town of Wollongong. He told Australian media that he created the worm to raise awareness of security issues: jailbreaking allows users to install an SSH service, which those users can leave in the default unsecure state. In the same month, F-Secure reported on a new malicious worm compromising bank transactions from jailbroken phones in the Netherlands, similarly affecting devices where the owner had installed SSH without changing the default password.
A Forbes staff analyzed UCSB study on 1407 free programs available from a third party source and Apple. Of the 1,407 free apps investigated in the cited study, 825 were downloaded from Apple’s App Store using the website App Tracker, and 526 from BigBoss (Cydia's default repository). 21% of official apps tested leaked device ID and 4% leaked location. Unofficial apps leaked 4% and 0.2% respectively. 0.2% of apps from Cydia leaked photos and browsing history, while the Apple store leaked none. He commented that unauthorized apps tend to respect privacy better than official ones. Also, there is a program called PrivaCy that allows user to control the upload of usage statistics to remote servers.
Installing software published outside the App Store has the potential to affect battery life and system stability if the software is poorly optimized or frequently uses resource-draining services (such as 3G or Wi-Fi).
Jailbreaking devices running the Apple iOS operating system is sometimes compared to gaining root access on Android devices. However, these are distinct concepts. In the tightly-controlled iOS world, technical restrictions prevent installing or booting into a modified or entirely new operating system. (A “locked bootloader” prevents this). Sideloading unsigned applications onto the device is also prevented. Finally, user-installed apps are restricted from having root privileges. Bypassing all these restrictions together constitute the expansive term “jailbreaking” of Apple devices. That is, jailbreaking entails overcoming several types of iOS security features simultaneously.
With few exceptions, Android devices typically do not have a locked bootloader to prevent replacing or modifying the operating system. Sideloading apps is also typically permissible in default Android installations. Thus, giving users superuser administrative privileges ("root access") is the only common aspect between rooting a device running Android and jailbreaking one running iOS.
Apple has released various updates to iOS that patch exploits used by jailbreak utilities; this includes a patch released in iOS 6.1.3 to software exploits used by the original evasi0n iOS 6-6.1.2 jailbreak, and again in iOS 7.1 patching the Evasi0n 7 jailbreak for iOS 7-7.0.6/7.1 beta 3. Bootrom exploits cannot be patched by Apple by system updates, but could be fixed in hardware revisions or new hardware in its entirety.
Jailbreaking a device involves circumventing its technological protection measures (in order to allow root access and running alternative software), so its legal status is affected by laws regarding circumvention of digital locks, such as laws protecting digital rights management (DRM) mechanisms. Many countries do not have such laws, and some countries have laws including exceptions for jailbreaking.
International treaties have influenced the development of laws affecting jailbreaking. The 1996 World Intellectual Property Organization (WIPO) Copyright Treaty requires nations party to the treaties to enact laws against DRM circumvention. The American implementation is the Digital Millennium Copyright Act (DMCA), which includes a process for establishing exemptions for non-copyright-infringing purposes such as jailbreaking. The 2001 European Copyright Directive implemented the treaty in Europe, requiring member states of the European Union to implement legal protections for technological protection measures. The Copyright Directive includes exceptions to allow breaking those measures for non-copyright-infringing purposes, such as jailbreaking to run alternative software, but member states vary on the implementation of the directive.
In 2010, Electronic Frontiers Australia said that it is unclear whether jailbreaking is legal in Australia, and that anti-circumvention laws may apply. These laws were strengthened by the Copyright Amendment Act 2006.
In November 2012, Canada amended its Copyright Act with new provisions prohibiting tampering with digital locks, with exceptions including software interoperability. Jailbreaking a device to run alternative software is a form of circumventing digital locks for the purpose of software interoperability.
There had been several efforts from 2008-2011 to amend the Copyright Act (Bill C-60, Bill C-61, and Bill C-32) to prohibit tampering with digital locks, along with initial proposals for C-11 that were more restrictive, but those bills were set aside. In 2011, Michael Geist, a Canadian copyright scholar, cited iPhone jailbreaking as a non-copyright-related activity that overly-broad Copyright Act amendments could prohibit.
India's copyright law permits circumventing DRM for non-copyright-infringing purposes. Parliament introduced a bill including this DRM provision in 2010 and passed it in 2012 as Copyright (Amendment) Bill 2012. India is not a signatory to the WIPO Copyright Treaty that requires laws against DRM circumvention, but being listed on the US Special 301 Report "Priority Watch List" applied pressure to develop stricter copyright laws in line with the WIPO treaty.
Jailbreaking might be legal in Singapore if done to provide interoperability and not circumvent copyright, but that has not been tested in court.
The law Copyright and Related Rights Regulations 2003 makes circumventing DRM protection measures legal for the purpose of interoperability but not copyright infringement. Jailbreaking may be a form of circumvention covered by that law, but this has not been tested in court. Competition laws may also be relevant.
The Digital Millennium Copyright Act says "a person can circumvent a technological measure that effectively controls access to a work protected under this title", which may apply to jailbreaking; there is an exemption from this law only for jailbreaking mobile phones (e.g. not tablets) "at least through 2015". Note that the exemption is for jailbreaking only, not unlocking (recent phones), and that Apple has announced that jailbreaking "can violate the warranty". However, in the United States, Apple cannot void an iPhone's warranty unless it can show that a problem or component failure is linked to the installation or placement of after-market item such as unauthorized applications, because of the Federal Trade Commission's Magnuson-Moss Warranty Act of 1975
In 2010, in response to a request by the Electronic Frontier Foundation, the U.S. Copyright Office explicitly recognized an exemption to the DMCA to permit jailbreaking in order to allow iPhone owners to use their phones with applications that are not available from Apple's store, and to unlock their iPhones for use with unapproved carriers. Apple had previously filed comments opposing this exemption and indicated that it had considered jailbreaking to be a violation of copyright (and by implication prosecutable under the DMCA). Apple's request to define copyright law to include jailbreaking as a violation was denied as part of the 2009 DMCA rulemaking. In their ruling, the Library of Congress affirmed on July 26, 2010 that jailbreaking is exempt from DMCA rules with respect to circumventing digital locks. DMCA exemptions must be reviewed and renewed every three years or else they expire.
On October 28, 2012, the US Copyright Office updated their exemption policies. The jailbreaking of smartphones continues to be legal "where circumvention is accomplished for the sole purpose of enabling interoperability of [lawfully obtained software] applications with computer programs on the telephone handset." However, the U.S. Copyright office refused to extend this exemption to tablets, such as iPads, arguing that the term "tablets" is broad and ill-defined, and an exemption to this class of devices could have unintended side effects. The Copyright Office also renewed the 2010 exemption for unofficially unlocking phones to use them on unapproved carriers, but restricted this exemption to phones purchased before January 26, 2013.
Tim Wu, a professor at Columbia Law School, argued in 2007 that jailbreaking "Apple's superphone is legal, ethical, and just plain fun." Wu cited an explicit exemption issued by the Library of Congress in 2006 for personal unlocking, which notes that locks "are used by wireless carriers to limit the ability of subscribers to switch to other carriers, a business decision that has nothing whatsoever to do with the interests protected by copyright" and thus do not implicate the DMCA. Wu did not claim that this exemption applies to those who help others unlock a device or "traffic" in software to do so. In 2010 and 2012, the U.S. Copyright Office approved exemptions to the DMCA that allow iPhone users to jailbreak their devices legally. It is still possible Apple may employ technical countermeasures to prevent jailbreaking or prevent jailbroken phones from functioning, but it will not be able to sue users who jailbreak. It is also unclear whether it is legal to traffic in the tools used to make jailbreaking easy.
New Zealand's copyright law allows the use of technological protection measure (TPM) circumvention methods as long as the use is for legal, non-copyright-infringing purposes. This law was added to the Copyright Act 1994 as part of the Copyright (New Technologies) Amendment Act 2008.
An "untethered" jailbreak has the property that if the user turns the device off and back on, the device will start up completely, and the kernel will be patched without the help of a computer – in other words, it will be jailbroken after each reboot. The jailbreaks are harder to make and take a lot of reverse engineering and years of experience.
With a "tethered" jailbreak, a computer is needed to turn the device on each time it is rebooted. If the device starts back up on its own, it will no longer have a patched kernel, and it may get stuck in a partially started state. By using a computer, the phone is essentially "re-jailbroken" (using the "boot tethered" feature of a jailbreaking tool) each time it is turned on. This is often a major problem for users on a tethered jailbreak. If the device is not connected to a computer, it is rendered useless until it is. Devices that use tethered jailbreaks can still respring and not lose the jailbreak. Most tethered jailbreaks are now only for devices exploitable with 'limera1n' (A4-chip based devices) and opensn0w as this is the easier option. Geeksn0w is a tethered jailbreak for iOS 7.1 and uses limera1n to tethered jailbreak the iPhone 4.
There is also "semi-tethered" solution, which means that when the device boots, it will no longer have a patched kernel (so it will not be able to run modified code), but it will still be usable for normal functions. To use any features that require running modified code, the user must start the device with the help of the jailbreaking tool in order for it to start with a patched kernel (jailbroken). The only Semi-Tethered jailbreak so far was for iOS 5 and in order to get the semi-tether, the user must download a package from Cydia.
|Parts of this article (those related to History of iOS jailbreaking tools) are outdated. (November 2013)|
A few days after the original iPhone became available in July 2007, developers released the first jailbreaking tool for it, and soon a jailbreak-only game app became available. In October 2007, JailbreakMe 1.0 (also called "AppSnapp") allowed people to jailbreak iPhone OS 1.1.1 on both the iPhone and iPod touch, and it included Installer.app as a way to get software for the jailbroken device. In February 2008, Zibri released ZiPhone, a tool for jailbreaking iPhone OS 1.1.3 and 1.1.4.
The iPhone Dev Team (not affiliated with Apple) has released a series of free desktop-based jailbreaking tools. It released a version of PwnageTool in July 2008 to jailbreak the then new iPhone 3G on iOS 2.0 as well as the iPod touch, newly including Cydia as the primary third-party installer for jailbroken software (PwnageTool continues to be updated for untethered jailbreaks of newer iOS versions). The iPhone Dev Team released QuickPWN to jailbreak iOS 2.2 on iPhone and iPod touch, also including options to enable functionality that was possible but disabled by Apple on certain devices. After Apple released iOS 3.0, the Dev Team published redsn0w as a simple jailbreaking tool usable on Mac and Windows, and also updated PwnageTool (now primarily intended for expert users making custom firmware, and only for Mac). It continues to maintain redsn0w for jailbreaking most versions of iOS 4 and iOS 5 on most devices. Before redsn0w released their iOS 5 jailbreak, another team by the name of BlueFire created an iOS 5 jailbreak for Apple's A4 and A5 devices. As of December 2011, redsn0w includes the "Corona" untether by pod2g for iOS 5.0.1 for iPhone 3GS, iPhone 4, iPad 1, and iPod touch 3rd and 4th generation. As of June 2012, redsn0w also includes the "Rocky Racoon" untether by pod2g for iOS 5.1.1 on all iPhone, iPad, and iPod touch models that support iOS 5.1.1.
George Hotz, who developed the first iPhone unlock, released a jailbreaking tool for the iPhone 3GS on iOS 3.0 called purplera1n, and blackra1n for iOS version 3.1.2 on the 3rd generation iPod touch and other devices. In October 2010, he released limera1n, a low-level boot ROM exploit that permanently works to jailbreak the iPhone 4 and is used as part of tools including redsn0w.
Nicholas Allegra (better known as "comex") released a program called Spirit in May 2010. Spirit jailbreak for devices including iPad (which was just released) and then new iPhones running iOS 3.1.2, 3.1.3, and iPad running 3.2 In August 2010, comex released JailbreakMe 2.0, a web-based tool that was the first to jailbreak the iPhone 4 (on iOS 4.0.1). In July 2011, he released JailbreakMe 3.0, a web-based tool for jailbreaking all devices on certain versions of iOS 4.3, including the iPad 2 for the first time (on iOS 4.3.3). JailbreakMe 3.0 uses a flaw in PDF file rendering in mobile Safari.
Chronic Dev Team initially released greenpois0n in October 2010, a desktop-based tool for jailbreaking iOS 4.1 and later iOS 4.2.1 on most devices including the Apple TV, as well as iOS 4.2.6 on CDMA (Verizon) iPhones.
The iPhone Dev Team, Chronic Dev Team, and pod2g collaborated to release Absinthe in January 2012, a desktop-based tool to jailbreak the iPhone 4S for the first time and the iPad 2 for the second time, on iOS 5.0.1 for both devices and also iOS 5.0 for iPhone 4S. In May 2012 it released Absinthe 2.0, which can jailbreak iOS 5.1.1 untethered on all iPhone, iPad, and iPod touch models that support iOS 5.1.1, including jailbreaking the third-generation iPad for the first time. The hackers together called the evad3rs released an iOS 6.X jailbreak tool called evasi0n. The expected release was on Sunday, February 3, 2013, though it was actually released on Monday, February 4, 2013 at noon Eastern Standard Time. The site initially gave anticipating users download errors as there was a high volume of interest in the download for the jailbreak utility, which is available for Linux, OS X, and Windows. When Apple upgraded its software to iOS 6.1.3 it permanently patched out the evasi0n jailbreak. Apple has now upgraded its software to iOS 6.1.4. which is only available for the iPhone 5. On April 2013, the latest versions of Sn0wbreeze was released, which added the support for tethered jailbreaking on A4 devices (i.e. devices not newer than the iPhone 4, iPad 1, or iPod touch 4).
On December 22, 2013, the evad3rs released a new version of evasi0n that supports jailbreaking iOS 7.x, known as evasi0n7.
After the release of evasi0n7, winocm, ih8sn0w and SquiffyPwn released p0sixspwn on December 30, 2013 for untethering devices on iOS 6.1.3 - 6.1.5. Initially, you will need to already been tethered jailbroken using redsn0w and install p0sixpwn at Cydia. A few days later, on January 4, 2014, the same team released a version of p0sixpwn for jailbreaking using a computer.
|Device/OS||Release date||Date of first jailbreak||Time (days)||Tool||Developer|
|iPhone/iOS 1.0||June 29, 2007||July 10, 2007||11||(no name)||iPhone Dev Team|
|iPod touch||September 5, 2007||October 10, 2007||36||(no name)||niacin and dre|
|iPhone 3G/iOS 2.0||July 11, 2008||July 20, 2008||9||PwnageTool||iPhone Dev Team|
|iPod touch (2nd generation)||September 9, 2008||January 30, 2009||143||redsn0w||iPhone Dev Team and Chronic Dev Team|
|iOS 3.0||June 17, 2009||June 19, 2009||2||PwnageTool||iPhone Dev Team|
|iPhone 3GS||June 19, 2009||July 3, 2009||14||purplera1n||George Hotz|
|iPad||April 30, 2010||May 3, 2010||3||Spirit||comex|
|iOS 4.0||June 21, 2010||June 21–23, 2010||2||PwnageTool||iPhone Dev Team|
|iPhone 4||June 24, 2010||August 1, 2010||38||JailbreakMe 2.0||comex|
|Apple TV (2nd generation)||September 1, 2010||October 20, 2010||49||PwnageTool||iPhone Dev Team|
|iPad 2||March 11, 2011||July 5, 2011||116||JailbreakMe 3.0||comex|
|iOS 5.0||October 12, 2011||October 13, 2011||1||redsn0w||iPhone Dev Team|
|iPhone 4S||October 14, 2011||January 20, 2012||98||Absinthe||pod2g, Chronic Dev Team, iPhone Dev Team|
|Apple TV (3rd generation)||March 7, 2012||-||-||-||-|
|iPad (3rd generation)||March 16, 2012||May 25, 2012||70||Absinthe 2.0||pod2g, Chronic Dev Team, iPhone Dev Team|
|iOS 6.0||September 19, 2012||September 19, 2012||0||redsn0w||iPhone Dev Team|
|iPhone 5||September 21, 2012||February 4, 2013||136||evasi0n||evad3rs|
|iPod touch (5th generation)||October 23, 2012||February 4, 2013||104||evasi0n||evad3rs|
|iPad (4th generation)||November 2, 2012||February 4, 2013||94||evasi0n||evad3rs|
|iPad Mini||November 2, 2012||February 4, 2013||94||evasi0n||evad3rs|
|iOS 7||September 18, 2013||December 22, 2013||95||evasi0n7||evad3rs|
|iPhone 5C||September 20, 2013||December 22, 2013||93||evasi0n7||evad3rs|
|iPhone 5S||September 20, 2013||December 22, 2013||93||evasi0n7||evad3rs|
|iPad Air||November 1, 2013||December 22, 2013||51||evasi0n7||evad3rs|
|iPad Mini (2nd generation)||November 12, 2013||December 22, 2013||40||evasi0n7||evad3rs|
|Software Name||Release Date||Hardware||Firmware||Untethered?||Publisher|
|JailbreakMe 3.0||July 5, 2011||||4.2.6–4.2.8|
|Seas0npass||October 18, 2011||2nd generation Apple TV||4.3–4.4.4||Yes|
|redsn0w 0.9.15 beta 3||November 1, 2012||||4.1–6.1.6||Untethered: 4.1–4.3.3, 4.2.6–4.2.8, 5.0.1, 5.1.1, 5.0/5.1 (only for iPhone 3GS with old boot ROM)|
Tethered: 4.2.9–4.2.10, 4.3.4–4.3.5, 5.0, 5.1, 6.0, 6.0.1, 6.1, 6.1.2, 6.1.3, 6.1.5, 6.1.6 (not available for devices newer than the iPhone 4, iPad 1, or iPod touch 4)
|iPhone Dev Team|
|Absinthe 2.0.4||May 30, 2012||||5.1.1||Yes||pod2g, Chronic Dev Team, iPhone Dev Team|
|evasi0n||February 4, 2013||6.0-6.1.2||Yes||pod2g, MuscleNerd, pimskeks, and planetbeing (evad3rs)|
|evasi0n7||December 22, 2013||7.0-7.0.6||Yes||pod2g, MuscleNerd, pimskeks, and planetbeing (evad3rs)|
|p0sixspwn||December 30, 2013||6.1.3-6.1.6 (6.1.6 via redsn0w + p0sixspwn Cydia package only or p0sixspwn.)||Yes||winocm, iH8sn0w, and SquiffyPwn|
|Geeksn0w||March 14, 2014||iPhone 4||7.1-7.1.1||Semi-Untethered||GeoHot, Winocm, Smolk1984, Matteo Piccina, msftguy, Savi0r and Arrapazh|