You are attempting to detect jailbreaking for a reason.You're welcome to, but I'm just trying to guide you through the sorts of questions I would ask myself to answer your question. We can run through that real quick, but bear in mind that I'm not actually asking you to answer these questions here. Like anything else, it's all about the cost/benefit analysis, and unfortunately only you can do that.
This is a bit outside of my immediate area of expertise, but I think I have a good answer for you anyway. Quick note: latest versions of android (or one coming soon?) now have jailbreak protection built-in, and you can specify that you don't want your app installed on any jail-broken devices. But that would still leave us with the android issue. Perhaps in the case of iOS we could "manually" obfuscate the jailbreak detection of the code to make it look more generic / look like something else, so the attacker doesn't know what it is and thus can't modify the code since a jailbroken device is needed to do this. Dedicate time to implement obfuscation methods
This will add an extra layer of security so most attackers will desist, preventing them from modifying the app in malicious ways (other than changing jailbreak/root detection) Proprietary code will stay safer from theft Should we apply code obfuscation to our native apps? What's the course of action here? A pentest was made to our mobile app (Android and iOS version) and we received feedback stating that jailbreak/root detection was ineffective because it was relatively easy to reverse engineer the application and change the return value of the method that checks whether the device is rooted/jailbroken.
0 kommentar(er)
