Appknox, a leading mobile security testing platform, has announced two new features today – Root Detection Bypass and Jailbreak Detection Bypass. Through these features, Appknox users can identify whether Root Detection has been implemented correctly in their Android applications and bypass it while running Appknox’s Dynamic & API Scans. With this release, the Jailbreak Detection implementation in iOS applications can be bypassed automatically. As a result, users can now upload .ipa files even with Jailbreak Detection enabled and seamlessly run SAST, DAST & API scans.
Android is very similar to Linux in that it runs on the Linux kernel. With access control similar to Linux, regular users of Android devices have very limited permissions compared to users who have rooted their devices. Without rooting, users cannot access or modify system files and folders. Once rooted, the user has full access to the device. Rooting allows the user to make changes to everything on the device. This allows users to do things that were previously impossible, like removing bloatware, customization, custom ROMs, etc.
Regarding these new features, Harshit Agarwal, CEO of Appknox, said, “Appknox’s vision is to make mobile app security as seamless as a thought, and in line with that, we have made the Appknox platform accessible for applications that have jailbreak and root detection checks on, as most of the apps on the Play Store ensure they don’t run on a jailbroken or rooted device. This is a first step towards making Appknox easy and simple to use for anybody at the company without having technical knowledge and understanding the security posture of their app.”
Subho Halder, CISO of Appknox, shared a similar vision of the features and mentioned, “Appknox is committed to securing mobile applications with a holistic yet easy approach. Root & Jailbreak detections and their bypasses in the Appknox platform will ensure more coverage while performing vulnerability assessment. At Appknox, we will continue to build such features, making it comprehensive, smoother and easier for businesses to understand their security posture.”
What Do We Need Root Detection For?
In addition to the benefits of rooting Android devices, many security issues are also associated with it. Once you have root privileges, you have full control to make changes across the device. But this also means your device is now an open target for threat actors. Rooted devices may contain many apps that process sensitive information, such as banking apps, payment apps, social media, and cloud storage. Malicious downloads can expose your device to hackers. For these reasons, the apps installed on a device need to make sure that the device isn’t rooted. This acts as a precautionary measure to protect critical user and business data.
iOS has always been considered a safe haven when it comes to mobile application security. Every year this operating system tries to come up with more and more efficient updates to make life easy for its users and the respective application and security service providers. However, for tech-savvy users, these timely improvements may not seem like enough, and there are always people who consider that there is room for more improvement. Hence the term ‘Jailbreaking’.
What does ‘Jailbreaking’ Mean?
Jailbreaking is the process by which a user can gain access to the administrative commands and functions of an operating system. It gives the ability (or permission) to alter or replace system applications, files, and settings, remove pre-installed applications, and run specialized applications (“apps”) that require administrator-level permissions. In 2020 research on 425 million devices, Wandera highlighted that there had been a 50% increase in the number of jailbroken devices from the previous year, quite a formidable jump! With jailbreaking, one can remove almost all the restrictions from an iOS device and open up gateways to make unimaginable modifications. While this may sound pretty fascinating at first, it also opens up innumerable avenues for security vulnerabilities and threat actors to creep inside your device. So, let’s take a look at how application developers can take specific steps to ensure that their applications stay secure in the context of jailbroken devices.
“The features released now make the lives of our users a little easier. Now, they don’t have to disable these implementations (Root detection & Jailbreak) to perform the vulnerability assessments. Once we’ve identified that there’s Root detection enabled in Android apps or the Jailbreak implementation is present in iOS apps, they can continue to perform the automated VA scans without any hindrance,” said Raghunandan J, Senior Product Manager at Appknox.