iOS app detecting phones jailbroken by malware booted from App Store
The System and Security Info iOS app by German IT security outfit SektionEins has been pulled from Apple’s App Store less than a week after it was made available.
The app shows detailed information about the device it is installed – info on CPU, memory and disk usage – and also shows if the device has been jailbroken (e.g. by malware), inspects running apps (SHA1 hash, signature, entitlements), detects malware and security anomalies, and lists running process on iOS9.
SektionEins founder Stefan Esser believes it is that last capability what got the app booted from the App Store. He says that it was the only app that was able to show that list.
“All other system information tools [offered in the App Store] showing the list of running processes ceased to work in iOS 9 because Apple hardened the sandbox to not allow access to querying information about running processes anymore.”
Esser says that while Apple claims to have fixed several APIs that malicious apps used to collect information about other apps running on the target device, they are not telling the truth and have fixed the problem only in part.
“They have actually never stopped malicious applications from gathering information about what other applications run currently on your device, but only removed access to detail information that is only relevant for harmless system information tools anyway,” he claims.
Apple’s explanation for removing the app was that it provides a “potentially inaccurate and misleading diagnostic functionality for iOS devices” that could confuse users.
“The only reason our app is pulled and not the others that show system info/jailbreak status is because we put a dent in ‘unbreakable iOS’,” Esser commented on Twitter.
“It could be that some of the things we use they cannot fix in [iOS] 9.3.2 because they are too late in the release cycle. So leaving our app in the store would make it very visible that they might not intend to fix the problems before iOS 10 which comes out in months,” he told Forbes.