There’s no supported way to detect jailbroken phones.
My recommendation here is that you not attempt to do this because:
unsupported techniques are… well… unsupported
such techniques can cause problems with App Review
such techniques tend to be brittle, that is, they break as the OS evolves; this causes two problems:
- false positives
- crashes, or other failures
both of which annoy your legitimate users
it puts you into an arms race with your attackers; if lots of apps use a specific check, the attackers will patch that check
It is better, IMO, to spend your time adding features that help you legitimate users.
Oh, one last thing: as jailbreak detection is not supported, it’s not an appropriate topic for DevForums. I’m happy to discuss it in general terms but let’s not stray into the specific technicalities, eh?
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
Why can't it be discussed? Just because there isn't an official method doesn't mean methods can't be discussed. In fact, major programs like tivo, and banking apps all have anti-jailbreak methods that work extremely well. I like to learn how that is done, since it seems the major anti-jailbreak detections tools fail against it. Why is it TiVo is able to successfully evade these tools, but all the other libraries just simply read the file system for verboten files? The entire point of discussion is to discuss development ideas. So I 100% disagree with your response to OP. This is something to be discussed and what better place than the official apple forums? So if us "little" guys get rejected for doing these things, you should also reject Concur, TiVo, etc for doing the same thing. If they have such excellent detection that is far superior to what I can do, then clearly they are doing something that is against the T&C of the App Store, and clearly Apple is condoning it.
I am working on a streaming app with hundreds of thousands users, and we don't have a single jailbroken user in the logs, and jailbreaking is not even a concern for us these days.
My suggestion is the same as Eskimos, don't even bother.
Make a secure architecture instead, that doesn't trust the client.
Most applications nowadays rely heavily on REST interfaces, which can easily be fooled and tampered with using a regular proxy server, (even with https, unless they use cert pinning) so a jailbroken client should be the least of your concerns.