Thursday, September 4, 2025

Why iPhone jailbreaks aren’t released as frequently as they once were

Jailbreaking has been a beloved hobby of mine since iOS 3, and in that timeframe, there would almost always be a new jailbreak release shortly after Apple came out with a new firmware update in the Fall months. Fast-forward to modern times, and it seems we’re waiting ever longer for jailbreaks to release, and lots of jailbreakers want to know why.

[Image: iPhone hacked matrix.]

I get it, no one likes waiting excessive periods of time for opportunities to do neat things with their iPhone or iPad that they know Apple would never permit even if the world was on the brink of ending. I’m right there with you. But it’s all a part of the game. In today’s piece, I’ll explain why jailbreaks are getting fewer and further between, especially compared to the good old days of yore.

Apple’s relationship with jailbreaking

Apple has always gritted its teeth toward jailbreaking its iPhones. Many years ago, Apple would refuse warranty service or customer service for devices that had acted up because of a faulty jailbreak hack, but users got smart and started restoring their device to factory settings before initiating a request to circumvent this problem.

If Apple had its way, jailbreaking would be banned. But thanks to Cydia founder Jay Freeman, there exists an exemption for jailbreaking that prevents Apple from banning the practice over copyright claims. For this reason, jailbreaking has remained a full-force hobby of many enthusiasts and remains so even today.

Apple and jailbreak developers have played a cat-and-mouse game over the years that went something like this:

  1. Apple would release a new firmware
  2. Hackers would find a way to pwn it
  3. Jailbreak developers would build jailbreaks
  4. Apple would patch it in another firmware update
  5. Rinse and repeat

Over time, Apple became wise to this waste of resources and began ramping up device security on an incremental basis such that jailbreak tool development became increasingly challenging.

At some point, Apple’s security improvements caught up with the skills of those prominent hackers who were willing to share their work with the world. Apple even began using bribe money in the form of bug bounties to sway those hackers into sharing their vulnerabilities with Apple instead of with the world. It was around this change that jailbreak developers found themselves with fewer tools to work with.

With more security researchers sharing bugs and vulnerabilities with Apple rather than the world, they’d score a payout and Apple would patch them before jailbreak developers could make effective use of them. This resulted in jailbreak developers attempting to convince avid Apple device users to stay on older firmware that remained vulnerable to those bugs and vulnerabilities rather than updating and taking advantage of the shiny new features in firmware updates.

This was important because Apple doesn’t generally allow device firmware downgrades once an older firmware becomes unsigned. The recommendation to stay on a lower firmware therefore became a common trend on or about iOS 11, starting with the unc0ver jailbreak.

If you feel like there has been a downward spiraling trend in the world of iPhone jailbreaking since then, you’d likely be correct. But we’ll get into that later.

The past few years

Soon after staying on the lowest possible firmware and avoiding firmware updates to preserve jailbreak eligibility became a relatively standard practice for anyone who wanted to jailbreak their iPhone or iPad, Apple recognized that it was already ahead of the curve. If hackers weren’t perpetuating the bugs and vulnerabilities for jailbreak development for the latest firmware, then all Apple needed to do was continue hardening its security, and that’s exactly what the Cupertino-based company has started doing.

Even though we began witnessing a slowdown in jailbreak development on or about iOS 10 or 11, that slowdown has gotten progressively more pronounced over time. The unc0ver jailbreak continued to see regular updates until iOS & iPadOS 14, which is when Linus Henze released the Fugu14 untether. During this time, competing teams also released jailbreaks such as Electra for iOS 11, Chimera for iOS 12, Odyssey for iOS & iPadOS 13, and Taurine for iOS & iPadOS 14.

After iOS & iPadOS 15 came about, that’s when things appeared to start hitting a wall for the jailbreak community. The unc0ver jailbreak was no longer being maintained, and big changes with Apple’s device security meant that jailbreaks would likely need to be rootless from here on. A lot of the community didn’t like this given the incomplete feeling of previous rootless jailbreaks, but more on that later.

Then-Odyssey Team lead developer CoolStar announced that they were working on a rootless iOS & iPadOS 15 jailbreak called Cheyote and that it would likely be their last jailbreak before leaving the community. But despite countless teasers, Cheyote never came to fruition. CoolStar had simply lost interest in the community, finding other things to keep them busy.

Later yet, CoolStar would go on to be hired by Apple. It has been a common trend for the company to absorb the jailbreak community’s talent. Countless jailbreak-oriented hackers went on to further their work at the company that manufactured the very devices they’d once hacked, including Linus Henze. Apple has undoubtedly received valuable security input from these hackers as to how it can harden its devices’ security.

That left us with Fugu15, an unfinished developer-only open-source jailbreak for iOS & iPadOS 15 by Linus Henze that supported more firmware versions than Cheyote would have, but it lacked a tweak injection library to make it viable for end users. Brilliant minds in the jailbreak community eventually came together to solve this problem, furthering acceptance of the rootless dynamic.

iOS developer turned jailbreak developer Lars Fröder would go on to mold the published parts of the Fugu15 jailbreak into Dopamine, a rootless jailbreak for iOS & iPadOS 15.0-15.4.1 devices. This was better than Cheyote, which was only going to support iOS & iPadOS 15.0-15.1.1, and it came with a new installation method via perma-signing in TrollStore, which was also made possible by Linus Henze’s Fugu15 project.

But all that excitement only lasted so long, as many were buying up new devices on iOS & iPadOS 16 or voluntarily upgrading to take advantage of the new features. With no jailbreak available for iOS & iPadOS 16 at the time, developers started using kernel exploits to write hack installation stores such as Misaka and PureKFD, which didn’t require a jailbreak, but allowed users to install add-ons that behaved like jailbreak tweaks.

Soon after that, developers found a way to inject jailbreak tweaks directly into apps without a jailbreak using only TrollStore, and that rapidly evolved into system-wide tweak injection by way of the Serotonin ‘semi-jailbreak.’ But when the Kaspersky security team announced Operation Triangulation, an important security bypass was released that made jailbreaking iOS & iPadOS 16 possible, and consequently, Dopamine v2 was released. That is the latest available jailbreak as of the time of this writing, and yet iOS & iPadOS 17 have been out for a year and iOS & iPadOS 18 are coming out this Fall. So now what?

Apple’s continuous security hardening

As we alluded to earlier, Apple began hardening its device security as soon as the company recognized it was ahead of the curve. Hacker and jailbreak developer Luca Todesco made this known in October of 2022, when he said that “Apple is seriously winning” in a slide presented at the Hexacon security conference.

Between Apple acquiring the jailbreak community’s talent over the years, using bounties to bribe hackers into sharing bugs and vulnerabilities only with the company, and continued security improvements that kept Apple ahead of the curve, the task to create jailbreaks became incredibly more complex (and even stressful) to most jailbreak developers.

Many jailbreakers remained complacent to this fact because the existence of a hardware-based bootrom exploit called checkm8 that supported devices up to and including the iPhone X meant that they could easily just keep jailbreaking, despite firmware updates. But once Apple began phasing these older devices out, newer non-vulnerable arm64e devices (like the iPhone XS and newer) became the dominant presence in the community, and this is where things began to sting.

You see, Apple’s arm64e devices sport additional security boosts to prevent kernel memory from being tampered with as easily as it could have been on checkm8-vulnerable arm64 devices. It was starting with these devices that things like Page Protection Layer (PPL), Pointer Authentication Codes (PAC), and Secure Page Table Monitor (SPTM) came into play. These effectively prevented the development of ‘simple jailbreaks,’ and meant that jailbreak developers had to contend with an uphill battle to create anything even close to being viable.

Jailbreaking, which once required a simple kernel task port via tfp0, now required burning through several layers of techniques to achieve the same result on arm64e devices. This meant that instead of just a kernel exploit, jailbreak developers would need a kernel exploit and a way to bypass PAC and PPL.

If one of these components was released, but another wasn’t, then no jailbreak could be made until all the pieces of the puzzle were available. That’s why we didn’t have a jailbreak for iOS & iPadOS 16 despite having the Kernel File Descriptor kernel exploit and why we had to wait for Operation Triangulation to get a PPL bypass that eventually made Dopamine v2 with iOS 16 support possible.

Today, Apple has hardened its systems even more. PPL has been replaced by SPTM, a newer and more secure method of verifying that everything in kernel memory is as it should be. This means that making a jailbreak for iOS & iPadOS 17 would require not only a kernel exploit, but also a bypass for SPTM, along with anything else that would be required.

To our knowledge, the same is true about the forthcoming iOS & iPadOS 18, and we can only assume that if someone finds a way to bypass SPTM that the security mechanisms in next year’s iOS & iPadOS 19 release would only become even more challenging to crack.

You should now be able to spot the problem…

The jailbreak community’s dilemma

The jailbreak community is stuck in a spot where Apple now enjoys a tight stranglehold over its devices’ security and the community lacks the personnel and the cache of hacks and techniques to keep up. The result is that jailbreaks take substantially longer to research, develop, and release. This is also why we’re still talking about iOS & iPadOS 16 jailbreaks during the iOS & iPadOS 18 launch year.

There’s always the chance that a large group like the Kaspersky security team or an individual researcher drops all the necessities for developing jailbreaks for modern devices on newer firmware, but then there’s also the requirement of a jailbreak developer who can use all those tools to make one. Neither of these things is guaranteed, and we’ve been quite fortunate thus far.

Though it’s incredibly unlikely, I do think that one of the only silver bullets to this situation would be the discovery and release of another hardware-based bootrom exploit, but given just how exceedingly rare those are, it would be nothing short of a miracle for that to happen.

With everything we’ve just said in mind, the best strategy for anyone who wants to jailbreak currently is to stay on the lowest possible firmware and avoid software updates. If that isn’t a possibility because you either want the new firmware features as they come, or because an app from the App Store demands a newer firmware to run, then you might consider keeping both a main device and a jailbroken side device as I do.

I often see jailbreak developers making tools for older firmware and device combinations, even if one already exists. While some jailbreakers see this as extraneous, I think it’s important because it allows prospective jailbreak developers to hone their skills and potentially discover new ways to crack iOS & iPadOS. That said, we may one day depend on the knowledge learned by creating these ‘extraneous’ jailbreaks to make modern jailbreaks, so it shouldn’t be discounted or disapproved of by the community.

My thoughts on the jailbreak community today

I’ve been around in the jailbreaking realm for quite some time, and I can remember a time when the jailbreak community was bustling with new jailbreak tweaks every single day, often multiple times a day, and when the waits between jailbreaks were almost negligible.

While it’s frustrating not to be able to jailbreak a current release on the latest handset right now, I think this is to be expected as Apple poaches more of our community’s talent and further enhances device security. In the long run, more secure devices benefit everyone, and it’s also worth noting that Apple has been making iOS & iPadOS even more customizable in recent years, almost as if to mimic jailbreak tweak functionality.

As a direct consequence of Apple’s hiring of jailbreak community talent, we have fewer hackers on our side, and the same can be said about jailbreak tweak developers. In some ways, our losses to Apple outweigh the amount of new talent entering the community, which exacerbates the slowdowns we see today.

Still, nothing beats full, unfettered control over your own device, and that’s one reason why I think the jailbreak community continues to have a loyal following. While not as large as it once was, we can only hope that spirit keeps burning strong as the going gets tougher, as I’m just as avid a jailbreaker today as I was more than 10 years ago.

So, is jailbreaking dead? That depends on who you ask. Personally, I think the buck stops with the very last person who gives up on the dream, and we still have people fighting for it even today. While less patient folks say that it’s dead simply because you can’t jailbreak the latest version of iOS or iPadOS yet, I tend to disagree – at least as of right now.

Should jailbreaking ever cease to exist, I don’t think we’ll ever stop seeing iPhone and iPad hacks. As we saw with package manager apps like Misaka and PureKFD, there’s still tons of interest in exploiting the device for the user’s benefit, even when a jailbreak isn’t possible. Outside of that, we can also sideload apps that Apple doesn’t allow in the App Store. That said, there will always be some form of hack to make it possible to do things Apple simply won’t let you do.

Wrapping up

Do you still jailbreak your iPhone or iPad? If not, why did you decide to stop? And if so, then what makes you keep coming back?

We’re interested in learning your thoughts about all of this in the comments section down below.
