Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Back in the day a JB was expected with somewhat relative ease. Now it's not.

How does this equate to "iOS security is worse than ever"?
There were also a lot more people looking for these exploits to release as a jailbreak. As Apple has slowly added the big name features people jailbroke for, those folks moved on.

So it doesn't necessarily mean iOS security is any better than it was in years past. Just means there are less people looking for ways in that would benefit the jailbreak community.
 
I will certainly give this Jailbreak a go - to deactivate all the that ******** COVID-19 stuff. 💪
It is already deactivated.

If you do not install an app, it is deactivated.

My country does not have an app. So I can't even activate it at all.
 
Can't wait for this to be released, I haven't jailbroken since iOS 10.

A couple of things I miss:
*YouTube background playing + being able to download videos straight into my phone
*No ads on YT/Twitter
*GBA emulator
*Call banners!
*Editing the hosts file
*Password/TouchID/FaceID protecting specific apps
*Location spoofing
*Netflix screenshots
*Disabling Airplane Mode and turning my phone off from the Lock Screen, in case my phone goes missing
*Better notification grouping
*Lock Screen and Home Screen customization. I like keeping my Lock Screen simple and functional, and for the Home Screen I especially especially miss getting more icons per page on smaller phones

I don't pirate iOS apps, and most of the games I play on my phone are single-player and I don't like cheating on them anyways. Point is, there are definitely more uses to jailbreaking than piracy and cheating, and some of the tweaks available can make your phone more secure against the common thief (government agencies not withstanding).

I will certainly give this Jailbreak a go - to deactivate all the that ******** COVID-19 stuff. 💪
LOL you don't even understand how the contact tracing API works, buddy.
 
  • Like
Reactions: Jynto
There were also a lot more people looking for these exploits to release as a jailbreak. As Apple has slowly added the big name features people jailbroke for, those folks moved on.

So it doesn't necessarily mean iOS security is any better than it was in years past. Just means there are less people looking for ways in that would benefit the jailbreak community.

Really? Really? I'm gonna call BS on this claim. That's all plenty of folk out there looking to JB or sell.
 
It is already deactivated.

If you do not install an app, it is deactivated.

My country does not have an app. So I can't even activate it at all.
Yeah, even if you do install a contact tracing app if your state (in the U.S.) is not yet set up with a program contact tracing utilities will not active.
 
Haven't jailbroken mine in years, what's the point nowadays, are there still features you really need by compromising the security on your device.

Stability was always an issue on the iPhones I had it on, so just after a short while I went back to stock iOS.
Jailbreaking doesn’t change anything security wise on your phone... that exploit used to jailbreak is obviously there regardless if you jailbreak or not. In some cases jailbreaking can allow you to actually close said hole...
 
Last edited:
Jailbreaking doesn’t change anything security wise on your phone... that exploit used to jailbreak is obviously there regardless if you jailbreak or not. In some cases jailbreaking can allow you to actually close said hole...

You are rooting your iPhone, so yes, security is compromised, afaik any app gets root acces.
The jailbrake itself might not be harmful on it's own, I say might because you don't know the devs.
They could be evil as well.
 
I see no reason, as an end user to jailbreak my phone. Not now. Apple added all the things people used to jailbreak their phones to have, and security of my device is more important than any techno geek stuff I could do with it.

This statement is so wrong and uninformed its not even funny.
 
Really? Really? I'm gonna call BS on this claim. That's all plenty of folk out there looking to JB or sell.
Well, a security company that buys software exploits have to lower the price of iOS 13 exploits as there are just too many. I could not find the original ZDNet article anymore, but I am not surprised that iOS could be as weak on security as Microsoft Windows 10, now that iOS has a fair amount of market share on mobile market.
 
Haven't jailbroken mine in years, what's the point nowadays, are there still features you really need by compromising the security on your device.

Are there features? Sure. Clipboard history, for example.

Is it worth it? Probably not.
 
You are rooting your iPhone, so yes, security is compromised, afaik any app gets root acces.
The jailbrake itself might not be harmful on it's own, I say might because you don't know the devs.
They could be evil as well.

This isn't true at all! Apps only gain a few sandbox exceptions to allow tweaks to work properly, they neither get out of the sandbox or get root. The dynamic nature of the unc0ver jailbreak allows to apply different rules to different things, preserving security.
 
This isn't true at all! Apps only gain a few sandbox exceptions to allow tweaks to work properly, they neither get out of the sandbox or get root. The dynamic nature of the unc0ver jailbreak allows to apply different rules to different things, preserving security.


You know this just how?

Sure it states that on the website, but has it been vetted? Was there a proper code review? Are there errors in how this is functionality was enabled?

The desire to believe does not a fact make.

In the meantime, there's going to be plenty of bad actors out there who'll be more than happy to test out this claim - and profit accordingly.
 
  • Like
Reactions: justperry
This isn't true at all! Apps only gain a few sandbox exceptions to allow tweaks to work properly, they neither get out of the sandbox or get root. The dynamic nature of the unc0ver jailbreak allows to apply different rules to different things, preserving security.

This ⬇︎⬇︎⬇︎

You know this just how?

Sure it states that on the website, but has it been vetted? Was there a proper code review? Are there errors in how this is functionality was enabled?

The desire to believe does not a fact make.

In the meantime, there's going to be plenty of bad actors out there who'll be more than happy to test out this claim - and profit accordingly.

Exactly.

Blah blah blah...

It asks for your AppleId credentials, raises a flag for me, they say they won't do anything with it, it will be send to Apple only, that's what they say, I don't know, not saying they are wrong but trust them blindly...nah.
 
Last edited:
You know this just how?

Sure it states that on the website, but has it been vetted? Was there a proper code review? Are there errors in how this is functionality was enabled?

The desire to believe does not a fact make.

In the meantime, there's going to be plenty of bad actors out there who'll be more than happy to test out this claim - and profit accordingly.

I'm one of the developers. I have access to the source code.
[automerge]1590421849[/automerge]
This ⬇︎⬇︎⬇︎



Exactly.



It asks for your AppleId credentials, raises a flag for me, they say they won't do anything with it, it will be send to Apple only, that's what they say, I don't know, not saying they are wrong but trust them blindly...nah.

You can verify yourself what the tool does with your credentials. Take any network debugger and see the requests it does. Not just that, but the tool was also written by a trusted and famous developer.
 
You know this just how?

Sure it states that on the website, but has it been vetted? Was there a proper code review? Are there errors in how this is functionality was enabled?

The desire to believe does not a fact make.
I'm one of the developers. I have access to the source code.
[automerge]1590421849[/automerge]


You can verify yourself what the tool does with your credentials. Take any network debugger and see the requests it does. Not just that, but the tool was also written by a trusted and famous developer.

Has it been vetted? Who did the code review?

I once worked at a company who had three distinct domains between the outside world and corporate. We thought we were safe. We were wrong. What makes you think this code is infallible?

Sorry, but I'd not trust your code on my device if my life depended on it. The risk is too great these days.
 
Has it been vetted? Who did the code review?

I once worked at a company who had three distinct domains between the outside world and corporate. We thought we were safe. We were wrong. What makes you think this code is infallible?

Sorry, but I'd not trust your code on my device if my life depended on it. The risk is too great these days.

> Who did the code review?

We're 3 developers and we review our own code.

> infallible

I'm not saying the code is infallible. But due to how our jailbreak (or any jailbreak) works, a mistake is very likely to cause a bug and very unlikely to give things access they shouldn't have. So we really don't need a specialized team to review our code. Getting access in a jailbreak requires effort, it cannot be done as a mistake. And if you happen to do that mistake it's likely it'll be obvious and you're going to immediately fix it.

Let's make an example, application sandboxing. I'm going to explain the process without getting technical.

The unc0ver sandbox patches work by giving apps exceptions. By giving them the ability to access certain jailbreak files, but not user data. What if this goes wrong you say and you give it full access? It's not possible to do this accidentally. It doesn't take changing a letter or a number, you'd have to write new code that very obviously yells "I'm giving it access to everything".

But, there is another method that we use to unsandbox things completely, we use that for Cydia apps. You might say, what if that goes wrong and you do it with all apps?

Do you know what happens if you unsandbox all apps using this method? Apps go crazy. This method gets rid of containers, so any data you might have had on that app will appear inexistent. You'll notice this the moment you open an app, it would look like it was reset. Not just that, but apps would start throwing errors and not working properly.

What if we didn't notice that? (eh, impossible, this jailbreak thoroughly was tested for weeks in testing and personal devices). Users would immediately notice it. Users haven't reported any bugs about apps acting up.

You might also ask, what if it didn't happen to you but it does to someone else? Our patches are deterministic. They either always work, or never work.
 
That attitude tells me everything I need to know.

It's not an "attitude", it's a fact. I gave you the full explanation behind it. By the way? Who exactly will review our code? Nobody can understand what it's doing better than us.

If you're not informed about how the jailbreak works, don't comment about it.
 
It's not an "attitude", it's a fact. I gave you the full explanation behind it. By the way? Who exactly will review our code? Nobody can understand what it's doing better than us.

If you're not informed about how the jailbreak works, don't comment about it.

I currently run a team of developers. I develop myself. I also work closely with our Security team.

In a previous life at a large national Bank I helped detail how the Russians gained entry to our backend systems and created reverse payment transactions within our payment gateway application, then work with the legal department on how to proceed.

Prior to that I've been a military contractor doing work for the RAF and British Army. I've found security holes in Military Grade HPUX, and labeling data issues with the also military grade Database system running on it, and had to report as much to the Admiralty Board.

Don't you dare presume I don't know what I'm talking about. I can assure you I've 30+ years experience in this game.

The attitude of "our code is so good it doesn't need a code review" would get you fired from any reputable shop.

Pride comes before a fall. ALL code needs a code review. You thinking it does not simply demonstrates a level of arrogance that will one day cause you much distress.
 
I currently run a team of developers. I develop myself. I also work closely with our Security team.

In a previous life at a large national Bank I helped detail how the Russians gained entry to our backend systems and created reverse payment transactions within our payment gateway application, then work with the legal department on how to proceed.

Prior to that I've been a military contractor doing work for the RAF and British Army. I've found security holes in Military Grade HPUX, and labeling data issues with the also military grade Database system running on it, and had to report as much to the Admiralty Board.

Don't you dare presume I don't know what I'm talking about. I can assure you I've 30+ years experience in this game.

The attitude of "our code is so good it doesn't need a code review" would get you fired from any reputable shop.

Pride comes before a fall. ALL code needs a code review. You thinking it does not simply demonstrates a level of arrogance that will one day cause you much distress.

"All code needs review", I never denied that, stop putting words in my mouth. I only denied the fact that we need a specialized team for it. We're the best people for the job. Jailbreak development is different from other kind of development. Don't try to generalize it please.

And there's an important point that you're missing. It is true that "anyone can make mistakes" but it is absolutely not true that "anyone can make *any kind of* mistakes". You have to consider the circumstances. In certain circumstances there are certain mistakes that you just *cannot* do. Am I denying that unc0ver could cause stability issues? It's not impossible that we left a bad patch. Am I denying that unc0ver can give all your apps access to your device? Yes, because it simply isn't true and literally anyone can check it. And due to reasons I fully explained above (which you've completely ignored), that kind of condition is deterministic. It will either always work, or never work.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.