Do apps on jailbroken iOS devices have uncontrolled access to all my data?

ios jailbreak ipod-touch

I'm thinking about jailbreaking my iOS device but one thing worries me. Apple's restrictive developer API has one big advantage: apps can't tinker with my data outside the app unless I allow them to.

Can apps on jailbroken iOS devices access my e-mails, iTunes account password (through keylogging) and other sensitive information without my consent?


Solution 1:

Yes. Any jailbreak-only app could potentially do everything you describe because they can acquire root access and run outside of iOS's sandbox.

Solution 2:

The author of Cydia ("saurik") recently answered some similar questions on Reddit - here's one comment:

...you should also ask the following modified question: how does Apple reassure people that the apps in the App Store are safe, and are not doing things like uploading their address books to third parties, or tracking their location?

The answer is "they can't": apps are allowed to use the address book and your location, and without reading through the source code (itself an error prone form of analysis) you don't know what the app actually /does/, so you can't make any claims about whether it does these specific things you consider evil or not.

At the end of the day, you really need to just not install software from vendors that you don't trust (and to be 100% clear: I mean the person who actually wrote the software, not the person who sold it to you), and anyone who tries to provide you assurances otherwise is just selling you the proverbial snakeoil.

And from a second comment:

You are correct, however, that applications in Cydia are not checked to see if they are malicious, but neither are applications submitted to the App Store: neither we nor Apple are looking at your source code. There is nothing that keeps a normal App Store application from reading your address book, tracking your location, and uploading all of this to a server; in fact, nothing keeps these same "approved by Apple" applications from using local-to-root kernel exploits in order to bypass the sandbox and take /all/ of your data, including installing a rootkit on your phone.

Related

Can my Thunderbolt Macbook Air drive my Mini DisplayPort iMac as an external display?
swap mapping of left and right shift keys
Mac High Sierra not able to Set Touch ID - Canceled by another authentication
Changing my iTunes account details
How do I get VMware Fusion to use the native screen resolution within a scaled OSX desktop?
Is there a way to make iPhone forget the data belonging to one app?
Locking my machine causes my network Connection to sleep
Command Line Tools fail to install OS X Lion 10.7.3 Xcode 4.3
iCal Google Sync -- how to get rid of folders (delegates)?
Automator service not showing in services menu
Time Machine is skipping files and folders. How to fix?
MacBook Pro with Touch Bar; switch between F keys, app controls and control strip?