Linked by Thom Holwerda on Sat 9th Feb 2013 01:01 UTC
Apple "Over the last half a week, Apple has been hit with the largest mass-hacking incident in its history. And the perpetrators were the company's own users. Nearly seven million iPhone, iPad and iPod touch owners have cracked Apple's restrictions on their devices using the jailbreaking tool Evasi0n since the tool was released Monday morning, according to the latest count from Jay Freeman, the administrator of the app store for jailbroken devices known as Cydia. That makes the iOS-hacking app the fastest-adopted jailbreak software of all time, Freeman says." Because, of course, only nerds and geeks jailbreak. There's also a technical analysis of the jailbreak.
Thread beginning with comment 551962
To read all comments associated with this story, please click here.
I ssee both sides of this
by darknexus on Sat 9th Feb 2013 02:04 UTC
darknexus
Member since:
2008-07-15

It's interesting that just today I was dealing with a jailbroken iOS device that had a lot of Malware on it. It's not the fault of jailbreaking itself, but a fault of the repositories this idiot added to Cydia. Nevertheless, I got a small taste today of why Apple wouldn't want to deal with it and, given how many random emails this phone was sending out, it would really have been a problem for those who didn't have a high data cap. The problem at the moment is that jailbreaking has become simple enough for anyone to do it, and so you do get a lot of people who are jailbreaking and really have no idea how to maintain their systems. I've seen this with Android as well. In both cases, it's usually a result of a user being too cheap to pay for a $0.99 app and pirating it instead, with some malware riding along.
I'm for an alternative approach. Allow side-loading in iOS, but only after turning on a "big red switch." This switch would, once turned on, send your serial number to Apple and void your warranty (unless, of course, you've paid for extra Applecare coverage). You could install any apps you want, but hopefully we could scare the people who shouldn't be side-loading away before they start causing problems. This has already been done with some HTC Android phones with their official boot loader unlocking tool. I think tha similar approach would be perfect here.

Reply Score: 2

RE: I ssee both sides of this
by _txf_ on Sat 9th Feb 2013 02:16 in reply to "I ssee both sides of this"
_txf_ Member since:
2008-03-17

The problem at the moment is that jailbreaking has become simple enough for anyone to do it, and so you do get a lot of people who are jailbreaking and really have no idea how to maintain their systems.


Part of the problem is that apple opted for the easy way of doing security, effectively shunting those that desire choice to having no security and no education about security. Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

MS learned to do security the "proper way" with windows (not metro/8 which is essentially a devolution).

Reply Parent Score: 3

darknexus Member since:
2008-07-15

Part of the problem is that apple opted for the easy way of doing security, effectively shunting those that desire choice to having no security and no education about security. Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.

Only if one reads them and only, in the case of side-loaded apk files, if the permissions in the package metadata are correct. Most pirated apks, from what I've seen, conveniently leave out a lot of the more suspicious permissions or omit them entirely. That's usually when someone asks me to help with their phone and it's like tech supporting an older Windows pc. Neither Android nor iOS have real security as part of the os.

Reply Parent Score: 1

WereCatf Member since:
2006-02-15

Say what you will about laissez-faire on Android but at least the permissions view builds awareness of potential security issues that could arise.


As if. I know quite a lot of people with Android - phones and only the nerds understand permissions, not a single non-nerd. The availability of the permissions tab under Android has done fuck all about this. And why? Well, because you need to consciously seek them, you're not at any point asked about the permissions during normal operation, you're not allowed to change the permissions and they're way, WAY too vague to actually tell anything meaningful. You need to already have understanding about the topic to have even the vaguest idea about what each particular item on the permissions tab entails, and even then you're just not given enough details about any of them to really know if it's a good or a bad thing to allow it through.

Reply Parent Score: 4

RE: I ssee both sides of this
by Soulbender on Sat 9th Feb 2013 02:33 in reply to "I ssee both sides of this"
Soulbender Member since:
2005-08-18

Allow side-loading in iOS, but only after turning on a "big red switch."


Sounds good...

This switch would, once turned on, send your serial number to Apple


Until this part. WTF? It's NONE of Apple's business who jailbreak their phones.

and void your warranty (unless, of course, you've paid for extra Applecare coverage).


I would have thought that's already the case.

Reply Parent Score: 3

darknexus Member since:
2008-07-15

Until this part. WTF? It's NONE of Apple's business who jailbreak their phones.

No, it's not, but unfortunately I can't think of a better way to make this work. There has to be able to be some record of the device being jailbroken, otherwise Apple will end up obligated to fix something they don't support. I'm trying to think of a more balanced way to handle it, but I just can't. Besides, I notice you don't raise any objection to HTC having known who unlocked their boot loaders. I don't particularly like any company having a record like that but, if such a system were to work, it's necessary.

"and void your warranty (unless, of course, you've paid for extra Applecare coverage).


I would have thought that's already the case.
"
Officially, it is. However, unless the phone is blatantly jailbroken (e.g. you've got a cydia icon glaring out from your springboard) then odds are they'll not even check for it. For example, I saw an iPhone where a bad bit of malware pulled in managed to forceably overheat the device, which ended up frying the battery. It was completely, 100%, the fault of the user in this particular case. They downloaded this app, ran it, noticed their phone was getting hot but rather than remove it, they continued to use it. The result? Apple couldn't prove it was jailbroken, so they had to fix it. This would not have been covered by the warranty in any other circumstance. The only way I see to be fair to both the businesses and the power users is to have some form of record that the device has been jailbroken. I've tried to see another way to be fair to all sides, and I just don't.

Reply Parent Score: 3