Detect if iOS app hacked

Related searches

My friend got a jailbroken iPad. When he installed Business Model Generation App from Installous and tried to use it, the application showed a UIAlertView with the following message:

Does anybody know how to do that?

I have 2 ideas:

  1. If there is some set flag when you download app from the App Store, then you can use this flag: if flag = NO, you show the UIAlertView.
  2. Something with a server (but in this case, you should know all device IDs and who installed your application from the App Store).

Am I right? How can I implement this feature?

You can detect two files: SC_Info and iTunesMetadata.​plist.

If you can't find them, then your app was pirated: these files are installed after downloading from the App Store.

This is the code to check:

NSString * bundlePath = [ [NSBundle mainBundle] bundlePath ];
if ( ! [ [NSFileManager defaultManager] fileExistsAtPath: ( @"%@/SC_Info", bundlePath ) ] )
    // jailbroken
if ( ! [ [NSFileManager defaultManager] fileExistsAtPath: ( @"%@/iTunesMetadata.​plist", bundlePath ) ] )
    // jailbroken

This App Knows If Your iPhone Has Been Hacked—Do You?, How does iVerify detect iOS hacking? The way that Trail of Bits is trying involved studying past jailbreaks that were made public, including those� The $4.99 app addresses a gap in iOS's security: Previously, consumers had no tool to detect whether an iPhone was hacked. As Motherboard notes, Apple has generally locked down all access to iOS's

There are some libraries around which can detect if an app is cracked (and jailbroken as well), this question gives a good overview but basically its done by checking the signer identity

one library is AntiCrack. I havent used this library so I dont know how well it works

This App Will Tell You if Your iPhone Gets Hacked, The bank's app, it turned out, was designed to detect iPhone hacks, but the detection code was buggy and “total garbage,” according to Guido. iPhone app can alert you if your device gets hacked. A new app dubbed System and Security Info will scope out your iPhone for potential security threats.

I'm using this code on swift:

if Bundle.main.infoDictionary?["SignerIdentity"] != nil
     || !FileManager.default.fileExists(atPath: ("\(Bundle.main.bundlePath)/SC_Info"))
     || !FileManager.default.fileExists(atPath: ("\(Bundle.main.bundlePath)/iTunesMetadata.​plist")){
        // Jailbroken

How to Detect Spyware on an iPhone, Unlike Android, Apple doesn't allow security companies to provide apps on their official App Store that can scan your iPhone for spyware or signs of hacking. Detect if iOS app hacked. Ask Question Asked 8 years ago. Active 4 months ago. Viewed 7k times 7. 7. My friend got a jailbroken iPad. When he

This is an old question, but being a jailbreak developer myself, I think it can help folks who stumble upon it while searching for jailbreak detection bypass or such things, which are more and more relevant these days. The problem OP has is now very often present, more than it used to be.

These kinds of applications, even nowadays in 2020 detect various jailbreak utilities. I am a jailbreak developer myself. When we build a jailbreak for whatever iOS version, we add quite some base binaries to aid further.

Nowadays we place them in various hidden folders like /jb/bin or /jailbreak/binbag/ or /jb/jbstuff/ etc, while in the past they used to be placed literally on the default iOS directories such as /bin /sbin etc.

Applications that have jailbreak detection do a [NSFileManager defaultManager] fileExistsAtPath:... to check for the presence of Cydia, these base binaries (most of the times they check for /bin/bash, but nowadays for even more), and today, they even check if the ROOT FS has been remounted as R/W (it's normally RO, with only /var being writeable).

Tweaks downloaded from Cydia usually don't check for jailbreak detection (well, most of the times - there is drama between various jailbreak devs so there are artificial limitations even today), but they check the repo you downloaded from.

Most of the time it's as simple as what AppSync Unified tweak ended up doing.

There's a variable or a #define somewhere in the code of the tweak with the proper Cydia repo URL or identifier, and the tweak checks the Cydia lists to see if the tweak has been downloaded from there. If it hasn't, it would present an alert.

Some tweaks implement strange DRMs with license being downloaded from server-side every time you reboot the phone (this is odd and very little used int he jailbreak community).

Here's an example of what the AppSync Unified Tweak does:

#define DPKG_PATH "/var/lib/dpkg/info/net.angelxwind.appsyncunified.list"


if (access(DPKG_PATH, F_OK) == -1) {
        NSLog(@"You seem to have installed AppSync Unified from a Cydia/APT repository that is not (package ID net.angelxwind.appsyncunified).");
        NSLog(@"If someone other than Linus Yang (laokongzi) or Karen/あけみ is taking credit for the development of this tweak, they are likely lying.");
        NSLog(@"Please only download AppSync Unified from the official repository to ensure file integrity and reliability.");



So in the case of this jailbreak tweak, it just checks the repo it's been downloaded from. A simple patch in here would be to just load the AppSyncUnified.dylib into an arm64/arm disassembler like Hopper or IDA or even Radare2 and patch the branch. Make it a B instead of a conditional branch, so that the result of the comparison is never accounted for. As simple as that. If you wanna analyze the full source-code of AppSync Unified, there's the GitHub repo.

Of course, as I said, many tweaks use more sophisticated schemes like server-side DRM, but none of them are failproof.

*Please do understand that I do not condone tweak piracy. This reply is made to aid newcomers to this page and it aims to provide some insight into the current status of jailbreak detection and jailbreak tweaks DRM. Please buy the paid tweaks from the appropriate repos, they only cost a dollar or so.

6 Ways To Tell If Your iPhone Is Hacked, If someone has hacked your phone, then they might have access to all of your and quickly determine whether or not your iPhone has possibly been hacked. It's also worth mentioning that it is possible for hackers to hide this app even� Fortunately, you can now get a simple app that tells you in an instant whether your iPhone or iPad has been hacked. No one can jailbreak your iOS device remotely; they need physical access to it.

It's rather simple, but you could check if the cydia app is installed (By checking if it's folder exists). If it's installed, then you do not trust the device. This leaves the risk of uncorrectly letting out jailbroken iPhones/iPads that downloaded your app from app store.

iOS App Tries to Warn You of iPhone Hacking Attempts, A new iOS app launching today promises to detect whether your iPhone has been secretly hacked. The iVerify app comes from security firm� gabyrubio15 wrote: My phone has been hacked. Very unlikely. Someone could have gotten into your Apple ID on the Apple servers, but not into your iPhone itself, unless you are someone that "Jailbreaks" your iPhone, and even then it is mostly theory that a jailbroken iPhone can get hacked.

Chances are your smartphone has been hacked. The sad truth is that hackers now have a multitude of ways to get into your phone, without ever touching it. Given that our smartphones have become our new wallets, containing a treasure trove of personal and financial information, a breach can leave you at serious risk.

Install the suspicious app yourself because you were bored, or; Get your phone previously hacked. (Then someone else can install the trouble-making apps in your stead.) If you suspect either of these scenarios is plausible in your case, you can try installing some anti-spyware software such as Certo and then sweeping up the unwanted app.

If you think your Apple ID is compromised, use these steps to gain control of it and review your account information: Sign in to your Apple ID account page.If you can't sign in or you receive a message that the account is locked when you try to sign in, try to reset or unlock your account.

  • I'd bet the second approach is the used in most cases
  • and how should i know all right IDs?
  • maybe they added a special version of the app to the jailbroken store with special alert view and keep the normal app store version untouched
  • Strange thing, @Eugene, I can't find SC_Info and iTunesMetadata.plist in my own ipa.
  • @Tertium, this files wil be added in AppStore. So you should download your app from AppStore and then you will find them
  • How can you test it before submitting? for example I think you have an error on the code itself, Should be: [NSFileManager defaultManager] fileExistsAtPath: ( [NSString stringWithFormat:@"%@/SC_Info", bundlePath ]
  • I too wonder how you test for SC_Info on local devices before submitting to App Store if no such file is created by Xcode build?
  • but some peoples can buy application when they have jailbroke.. that's why this is not an option
  • This wouldn't work either because App Store apps are sandboxed, so checking for directories outside of that sandbox is not an option
  • @WrightsCS thats the whole point. when jailbroken the sandbox restrictions are removed, so checking for cydia is one part of a valid jailbreak test. it just doesnt indicate wether an app is cracked or not
  • Actually @wattson12 you are wrong. The only way an App Store on jailbroken device can access files outside of it's sandbox is if "sandcastle" is installed. Other than that, even on a jailbroken device App Store apps are still in a sandbox. Cydia apps are installed in ~/Applications (where there is no sandbox) and only those apps can access files system-wide. Your perceptions of how jail breaking works seems to be skewed. Jailbreaking in itself does not remove the sandbox restrictions. Why do you think Cydia apps are installed in a different location — because of sandboxing restrictions
  • @WrightsCS I admit I dont know what a standard jailbreak install is like but every jailbreak test i've seen includes a check to see if the app can access certain directories, and for the presence of apps like cydia. is this pointless?