Regardless of its eventual fate, I'm deeply grateful to the jailbreak community for speeding up Apple's implementation of the useful tweaks power users wanted most like 3rd party keyboards, picture-in-picture, control center, F.lux, etc. iOS is a better platform today because of the JB community, so cheers all around.
Third party keyboards are still second-class citizens on iOS. They lag on switching, they don't have access to native keyboard settings, they crash debugger, their layers can't be viewed in Xcode, they sometimes break on app update and then users blame developers.
Third party everything seems to be 2nd class citizens on iOS. Apple's apps get special provisioning (not to mention default system app status) that third party apps don't.
I don't own an iPhone currently, but I haven't had any problems with Gboard on a number of iPhones that I've used that have it. Is your statement applicable to all third party keyboards, or most of them?
Is there any reason to think the jailbreak community inspired those? I'd think competition with Android, Windows phone, etc. was a lot more persuasive.
There were many instances in which a feature became available via jailbreak tweak, then showed up in the next major iOS revision. Sometimes implemented in almost the same manner.
It is possible that each instance was a coincidence, but that seems unlikely.
A lot of the features, seemingly taken from the jailbreak scene, were rather obvious additions previously found lacking in iOS, e.g. custom keyboards, call filtering and a common filesystem. Tweaks may have hastened their development however I am yet to be convinced that Apple relies on other people for ideas.
Safari Private Browsing comes to mind. The functionality and UI was very similar to the jailbreak "tweak" available for this.
Also, the new iOS notification system on iOS 4/5 was directly nabbed from a jailbreak tweak, though it was because they hired the developer so I am assuming it was not "copied" in that case.
Wasn't the jailbreak just adding a quick toggle for the existing setting? (And the equivalent of the quickly available mode in most major desktop browsers at that time, including Safari?)
Similarly, with Notification Center I've never previously heard that credited to the jailbreak community because it was always mentioned as an area where iOS caught up to Android, which also seems likely as the inspiration for a jailbreak as well.
Ideas are a dime a dozen, however, it is likely that usage of jailbreaks was useful evidence about which features are so desperately wanted by people that they are willing to go through a nontrivial inconvenience just to get them.
Customers saying "I really want X" is generally just empty words with poor correlation about how much X is wanted, and you should take that with a grain of salt instead of assume that there's a demand for X; but on the other hand if there's a price attached (either a literal payment, or price of inconvenience as in this case) then seeing if customers really want this is very useful data.
One of the things well known at that time is the notification/control menu which was not available in official ios (the official one sucks). I even heard at some point that apple hired the guy that worked on the app for jailbroken iOS to help work on that...not sure if true story.
1. “Sucks” is not a synonym for “not to my personal taste”. One of the common trends around most jailbreaks, desktop UI hacks, etc. is that some people have very strong opinions which aren't viable for general usage; one common reason for features taking awhile to mature is making them usable for the other 99% of users. When that happens, inevitably some people in the first camp would complain about their idea being stolen and dumbed down, ignoring how much more work the general case required.
2. How much did Android, etc. influence both? I don't know which specific code you're referring to but in discussions I saw the most common way these things were described was as adapting an Android feature and by default it seems a lot more reasonable to assume the influence came from the project with orders of magnitude greater exposure and UI development funding.
> “Sucks” is not a synonym for “not to my personal taste”.
I remember not using my iPhone for a year or so (switched to Android).
Next time I booted up that phone I had to click through -every- modal notification dialog in every app for that year (calendar events, emails, others). One by one.
It took hours to dismiss them all, before I could actually use the phone.
That's not a matter of taste. That just plain sucks.
swipe the spacebar to move the cursor is the one thing I missed the most when I switched from a jailbroken iPhone to Android. Luckily the Google keyboard recently implemented that function.
And imo much better implemented! I use both the Google keyboard and the default; Google's cursor swiping is one dimensional. Swipe back and forth to move around a line. The default one is two dimensional. You can swipe through columns too!
Meanwhile, I now have a legit reason to want a phone with force touch support, which the SE does not have. But the SE actually fits into my pockets and hands. So now I'm hosed either way. Thanks, ̶O̶b̶a̶m̶a̶HN.
We sure didn't. I think one guy got hired by Apple because he came out with an innovative app switcher, and I know a few others who got internships there, but largely speaking, Apple took over a lot of features we put into play.
P.S. There's another reason why jailbreaks are few and far in between. There is close to no trust between the people who create the jailbreaks...I had several good exploits that became public without my permission.
I remember it being a practice at one time in various IRC and other online communities to share hashes of the exploit payloads between teams so that they knew whether or not there was one or more than one, and whether or not they were going to collaborate.
As someone who used to jailbreak devices almost instantly when a tool was out, I have found myself really not needing a jailbreak in recent years. The OS itself has matured a lot, I seem to have outgrown the "tweak mentality" and no longer find joy in it, but most importantly, the security implications of jailbreaking (breaking the sandbox, running untrusted 3rd party software at the root level and the jailbreak tool itself - blob binary that has rarely been open sourced in recent years). It's just not worth the risk anymore.
On the other hand, for low level development on a lab device, jail-breaking is invaluable.
I used to do the same thing and feel the same way as you do now. I jail broke my first iPhone in 07, used t-mobile would install boss tools first thing and jail breaked every phone after that except for this one. It just wasn't worth it for me anymore and I also found less joy in the whole experience. But in 2007, a jail broken phone was a thing of pure magic! I would VNC into either a M7CL or a profile (depending on the day) over Ethernet from my laptop, then create a hotspot and VNC into my laptop from my 1st gen iPhone. Slowest thing ever but it worked! It had always been a dream of mine since 1998 when I first started doing sound to have a small portable touch screen to mix from... Now you can buy a mixer for $300 dollars that does the same thing and has better preamps as well. Oh how times have changed.
I would say that Apple has definitely done a lot with iOS to achieve feature parity with Android and the Jailbreak tweaks, but when I am on iOS, I still jailbreak in order to control the less desirable features of various apps. Youtube backgrounding, for example, is something I had forgotten was not standard until I switched to an Android based phone; years ago I had installed a Youtube tweak on iOS to allow backgrounding (without Youtube Red) and was very frustrated when I found out this wasn't the default behavior. Likewise, complete control over button remapping, complete control over the size and duration of notifications, granular control over notification badges, and also there is a tweak that allows you to slide across the keyboard anywhere to control the cursor, not just the spacebar (a feature I desperately wish was available on Android)
There's a lot to jailbreaking still, I think, and the business of "for pay" tweaks seems pretty stable at the moment.
Either the user controls the program or the program controls the user. It's time already for a truly FOSS phone (and no, android doesn't cut it... lineage/replicant barely do). I shouldn't have to use some strange third party questionable methods to get root on my fucking device.
>Either the user controls the program or the program controls the user. It's time already for a truly FOSS phone
And McDonald's is an instrument of oppression because you can't order pancakes after 10:30am. Either the customer controls the restaurant or the restaurant controls the customer!
If you want root on a device, buy a device that allows root. Apple doesn't have a monopoly on smartphones. Meanwhile people who want a reliable device with billions of dollars worth of investment in industry leading security and standout features like first class accessibility can have them. And yes, it turns out there's a trade off between platform security and user system access. We're all better off because there are a range of platforms available to us that provide different choices between those trade offs.
Nobody is stopping the FOSS community bringing out first class phones with industry leading features. The fact that it hasn't isn't a failing of Apple and smashing Apple wouldn't make it happen anyway.
>And yes, it turns out there's a trade off between platform security and user system access.
I'm an iPhone user for security reasons but this argument rubs me the wrong way. You can allow users system access at their own risk, if you design it correctly. The problem with Android is that "Install from unknown sources" is merely a checkbox away and opens the gateways to hell.
But not really, though. Yeah, Android apps have a lot of power and how they do is poorly documented (imo), but they still can't break out of their sandbox. Unknown sources is not a replacement for root.
Not having a jailbreak is a deal breaker for me and the lack of jailbreaks available is the reason I won't buy a new iphone (my current iphone 6+ is jailbroken).
I understand that a non jailbroken device is more secure but it also restricts what I can do on my own device which I bought with my money and I can't abide that.
The unfortunate part is that a "secure" jailbreak is absolutely possible, or at least mitigations for the vulnerabilities used to achieve the jailbreak. It seems there is not much demand for it though.
There are always other vulnerabilities that might not have been noticed that Apple fixes in later versions, though; like: jailbreaks that fixed their own exploit behind them and the handful of other known bugs weren't really sufficient. What really needs to happen to make this viable is for Apple to just let people do this kind of stuff without the need for them to have made a mistake in their security. They think they are smarter than everyone else, though, and if you are building something great that would run on their hardware that can't be done as an "app" you should just be working for Apple and be part of the smart club, so with that attitude they have this strategy to just coddle the user base so that they can't do anything dumb (as, to be very clear: I absolutely do not consider "user downloaded something evil from someone random and explicitly gave it permission to do something horrible" a security problem any more than a user can pick up a knife and stab themselves with it: that doesn't mean that all knives everywhere should be designed with a DRM that makes their sharp edges only work on certain kinds of branded food).
To expand on your first sentence: some past jailbreaks allowed booting different versions of iOS than the one with the bug, because they were lower-level (bootloader based). So you could upgrade for security fixes, upgrade for the latest features, or restore to fix a hosed system, all without losing your jailbreak. For a long time I wanted to implement that for userland jailbreaks, but I never did, and now it’s not really possible anymore. But that would have solved the “jailbreaks are inherently insecure” problem.
But yeah, much better if the cat and mouse game weren’t necessary to start with.
Jailbreaking my iPod touch taught me a lot about technology and software at an early age. I'm not sure I would be where I am today (working in technology and very well off compared to my peers) if I didn't pick up that hobby in middle/high school.
I miss having the date in the status bar[1] through SBSettings[2]. I still keep a jailbroken iPhone around to auto-reply to text/iMessages[3] via iBlackList[4].
Jailbreaking iOS devices might be dead but rooting android based devices is thriving.
With a jailbreak / root you can get around carrier restrictions on tethering, which in some areas without high speed wired internet options this is very important.
Back in the 2.xx days rooting was basically mandatory to get decent performance and regular updates, but now the OS is more optimized and has most of the features of rooted devices anyways.
Regardless, Google is trying their best to kill off rooting and custom ROMs. Apps like Snapchat and Google Pay don't work without hacks on rooted/unlocked devices because of Google's SafetyNet, which is a huge disincentive to root
i've never understood comments saying jailbreaking is no longer needed, particularly among technical people (it comes up in every single story about jailbreaking across the web).
jailbreaking gives you root access to your mobile computer, which means you actually own and control it, not some corporation.
one thing you can do after jailbreaking is install a real firewall on the device so you can control what information passes into and out of it. that's a real boon to privacy (it's not perfect secrecy of course).
I used to automatically jailbreak all my iOS devices right from the first iPhone.
From installing apps before the App Store existed, to attachments in mail, to download managers in safari, to a fully featured files app, the ingenuity of the early jailbreakers and coders was incredible.
I have fond memories of my wife and I spending hours playing iZoo, a pre App Store candy crush-like game.
Jailbreaking is dead, and now Apple is deciding which symbols are and aren't acceptable in apps. I think we are approaching the worst point ever in software freedom history. Very sad development.
Not to mention we have the whole Raspberry Pi ecosystem for embedded ARM development. That's been a huge leap forward for open embedded systems. And Broadcom deserves credit for hiring Eric Anholt to make open drivers for the hardware.
I think freedom will be fine as long as low-cost open devices like the Pi exist. If they go under and Android continues on its trajectory of becoming more closed, then I'll be more concerned.
What makes it fun for a kid to pick up a device and play with it often comes down to "a bunch of my friends also have this same device and so my software can be used by them and it makes them happy", not "I get to sit alone with the Pi that my parents got me and play with technical stuff". This is the same argument for why platforms with more market share get more innovation as there are more developers all over the world who think "if I bother to build that, there are people out there who can use it and might even pay me for it". That's why the programmable TI calculator ecosystem was so powerful, why jailbroken iPods as a development platform for kids was so powerful, why having open PCs with compatible open expansion ports was extremely powerful, and why it just isn't sufficient or really even terribly relevant that there exists an open platform but that the platforms people have are open.
I agree to some extent, and I'm worried about the war on general purpose computing too, but in the case of the Pi it's mitigated by the fact that the hardware starts at $5. That's a fraction of the cost of, say, a PC in the '90s.
I feel like downward trend in jailbreaking is temporary. iOS 10 has proven to be the most secure version of iOS. iOS 11 adds some additional complexity with the new file system and the possibility of sharing files between apps. I can only imagine there are new vulnerabilities to go along with that. In addition, the new, faster hardware provides opportunities for mods that were previously not possible.
My hope is that the severe lack of jailbreaks this year lulls Apple into a sense of complacency and opens up new opportunities for jailbreaking iOS 11.
I think the lack of jailbreak in iOS 10 was not only due to lack of availability, but also lack of demand. Jailbreaks on early iPhones added tons of great features that made the risk of jailbreaking worthwhile. These days, I think most users are generally happy with the status quo.
As the developer of Cydia, I work very closely with the people who work on these exploits (and am often, though not quite always, seen as sufficiently "neutral" to be talking to multiple groups at once), and the primary factor for iOS 10 really is that the device is now extremely secure combined with "some of the people who previously had worked attacking the device played mercenary and 'switched sides' when Apple came by looking to hire them" (which both makes it more secure and reduces the brain power available to the side of the resistance). Apple also changed their policies for fixing bugs, even low-priority ones, to get patches out sooner (and the jailbreaks also started being forced to use higher priority bugs, so the windows of applicability for various tools has been extremely low in the last couple years).
A big thing to understand is that the jailbreaks have also become "more complex to use and maintain for the user" in addition to "less likely to be found" for the developers: the jailbreaks available for iOS 9.3 and later versions are brutal... they take the form of an app that you had to install using a tool I wrote called Cydia Impactor, which pretends to be Xcode and do all of the signing for a "free developer account". Every time you reboot your device, it is no longer jailbroken, and you have to run this app, which sometimes doesn't work (on iOS 10 I'd even say it "only" sometimes works ;P); and the app itself expires every 7 days (Apple restriction on free developer accounts), and so you have to keep reinstalling it using Impactor. Finally, if you break anything at all that causes SpringBoard to not be able to pop up (as you need to get all the way to "I can see this app and click it" for the jailbreak to work), you have to format your device (losing all your data) and restore to fix it... older jailbreaks were much more forgiving, as you could still log in via SSH if the device even sort of was able to start.
I'll also say that the general issue you bring up was also true for iOS 7 and 8, but there were tons of people who jailbroke even with iOS 9. When jailbreaks are available and easy to use, developers do cool things that are able to tempt users to do it; it is like: why does anyone install an app when I bet they don't really need it? Well, spending $3 for some random app that only slightly affects what you do is worth it: the cost is low to match the low benefit; so it doesn't really matter that much if the benefit isn't "insane killer thing that everyone has to do or the phone is worthless": it only has to be greater than the cost, and the cost went up so high and so fast during the past year and a half that even I have been "living without" a feature I used every single day numerous times and am constantly sad to not have right now, because "damn it, I just don't want to have to spend ten minutes rebooting my phone over and over again in the hope that this broken jailbreak works".
Another factor is that previously the last point update of an iOS version was always jailbreakable. So there was the long period over the summer where there was a stable jailbreak that people could experiment with and utilize while Apple was focused on the next big iOS version. Now Apple is very aggressive about making sure the most recent iOS version is locked up and preventing downgrades.
Needless to say those who follow contemporary history of the jailbreak scene, let alone the whole history, you are a founding father. Thanks for everything you do.
In the last year or so I wanted to take an old iPhone 5s, a handmedown from a relative, to learn CyScript and the other one from the NowSecure engineer that exposes a JS interface (I forget).
How can and how will security students learn to reverse engineer at runtime and assess modern iOS apps in the current state and no official emulator to boot?
Unlikely. The demand for pirated material (games) has not diminished. Also it's hard to explain why the iPhone suddenly lacks demand for jailbreak when the Android modding community still thrives.
>These days, I think most users are generally happy with the status quo
You do not need to jailbreak to pirate, and most people who pirate don't jailbreak: the way people pirate is they either download applications from China that use enterprise certificates (which Apple vaguely tries to find and stop by revoking the certificate, but doesn't do very well at) or they share developer certificates (you can even pay a tiny subscription fee to get your device added to someone else's account with a download link for a wildcard provisioning profile), and then they can just install whatever they want to their device. Even the US Copyright Office has gone explicitly on the record as stating that they do not feel there is a link between piracy and jailbreaking mobile phones (unlike for other categories of device, such as video game consoles, where they consider that problem to exist and be serious).
The China Enterprise certificate thing is simmering down actually. I have been watching the "helper" apps, and there seems to be a shift to using iTunes APIs and an AppleID/password combination to sign via Xcode, like Impactor. Additionally there is a "repair" functionality to make the 7-day thing less of a pain.
Your point still stands of course: Jailbreak is not at all needed for privacy.
Hi Saurik, my reasoning was obviously not very well researched; actually I can see it's a damaging assumption for the PR of jailbreaking when I (or the public in general) makes assumptions that jailbreaking is strongly linked to game piracy, so it's appreciated you were able to clarify.
I personally have held my iPad back on iOS 9 for the reason that maybe some day I could jailbreak and install another OS, home brew apps etc. but I made a generalization about piracy I guess because I did see a bunch of demand for that in 2010-2012 which shows you how out of date my iOS knowledge is (since I have not jailbroken any devices between then and now). By the way, thanks for Cydia :) it's synonymous in my mind for any discussion about jailbreaking and iOS.
I just think there is some demand for jailbreaking, and lack of public demand isn't a significant explanation for lack of jailbreaking progress on iOS 10/11. I mean, there is no clear argument I've seen yet which establishes a link between public demand and frequency of jailbreaks; after all it only takes a single determined developer/hacker to craft an exploit and deploy it for reasons not connected to public demand.
> I just think there is some demand for jailbreaking, and lack of public demand isn't a significant explanation for lack of jailbreaking progress on iOS 10/11.
For the most part, I agree with this, and I was making this argument somewhere else in this thread: the primary reasons that we haven't seen many or, when they happen, "pleasant" jailbreaks for recent versions of iOS is that Apple has continued to be good about not having severe regressions in their attempts to secure the device, they have added really interesting mitigations ahead of the competition, they have changed their prioritization for plugging holes (they used to let jailbreaks sit around for months), and they've hired many of the more "mercenary" people who would work on jailbreaks away from The Resistance to work for The Empire.
That said, there is at least some connection with demand, and that's something worth examining in more detail here.
> ...after all it only takes a single determined developer/hacker to craft an exploit and deploy it for reasons not connected to public demand...
The way you word this sentence makes it sound like the work involved here is comparable--not just in quantity but in concept--to building a real-time chat application or some other slightly-complex web application. This isn't just "work": it is a combination of luck and skill that relies on winning a game that you are playing against an opponent (Apple) who had to make a mistake; if anything, it has more in common with panning for gold than building a bridge. One does not just "craft an exploit", no matter how determined.
The reason people are willing to burn tons of time into the possibility of finding a vulnerability in this platform is because there's a ton of PR and excitement to come from it, which is largely tied to the amount of interest that exists. There are tons of less secure devices out there that never get anyone bothering to "jailbreak" them due to lack of interest; people even take up bounties to try to get these devices hacked. This is made much worse as there really aren't that many people who can even pull this off when given an end-to-end explanation of a vulnerability.
What ends up happening, thereby, when there isn't much of a public interest in jailbreaking, is that these people spend their time working on hacking other devices or they hoard their exploits (as why bother burning your magic trick on people who don't even care for the performance?), whether for personal use (it makes a great parlor trick while also letting you do a lot of great research into the workings of Apple's software) or to sell for a profit (which might be to Apple through their bug bounty program or to a third party; the latter brings up interesting ethical questions, but people definitely do it: these exploits are then used either to do more research or are turned into weapons).
We can then ask "why has demand in jailbreaking decreased? as in, why does this matter?", and I see a few reasons: one is that Apple has started "throwing in the kitchen sink" (seemingly after waiting for Steve Jobs' body to be cold in the ground...), another is that the extremely killer and pressing needs have started to go away as Apple fleshes out the operating system as well as allows more things into their App Store, and another big one is a kind of "death spiral" that comes from there being less to do, leading to fewer people bothering to do it, leading to less reason for developers to develop cool stuff, which is why there's less to do... this collapsing market is a really tough sell.
I just recently got my first iOS system, an iPad. I was planning to write in cafes with it and a bluetooth keyboard. Too bad I'm a customisation freak, and in the end, I didn't find a suitable setup.
The problem is that I use three languages daily: Finnish, English and Japanese. Besides that, I use The Dvorak keyboard layout. There is no commonly used Dvorak layout for Finnish and Japanese, but it's jarring to have to change the key arrangement when changing language, so on my Mac, I customized myself a layout that contains the English alphabet, the Finnish extra characters ä and ö, and type also Japanese with that.
On iPad, I couldn't find a keyboard that allowed that. The 3rd party keyboards are a step into a right direction, and I think that the JB community has played their part at that.
Needless to say, I'm not willing to switch away from Dvorak after 10 years of muscle memory and a generally more pleasant typing experience.
I'm still hopeful for the future of my currently read-only device.
Jailbreaking is the best thing that could have gone to iphones, IMHO. The reality that I can modify my hosts file, install a firewall with "learning mode" (too bad it hasn't been updated for iOS10), all these cool switches on Control Center, and many many more fun tweaks.
To begin with, Apple's privacy settings are pretty good, but things like PMP and AppAdmin (downgrade apps to previous versions) rock! especially when you lose functionality or you get a revamp you never asked.
I hope JB will continue as long as Apple does, and PLEASE update the Firewall IP :)
Unrestrictor 3G - Remove IAS and other limits by fooling apps into thinking they are on Wi-Fi.
Bytafont2 with Futurama font
iTransmission - torrent client
Also nice were bandwidth meter in the status bar, Fake Carrier, Five Icon Dock and Freeman's work porting aptitude, yum and deb packaging to iOS to make installing tweaks and apps easy.
It's a shame that Apple doesn't provide more app/os integration, customization and middleware hooks.
It feels boring without the ability to jailbreak your device but overall that's better for end-user security (less malware) and developer profit (less piracy).
It is absolutely possible to build a device that not only is secure but also lets you--the owner of the device--actually run anything you--again, the owner of the device--want to run; as it stands, the device is secure despite you, by saying that only Apple--who is actually the owner of your device, which they have effectively only lent to you and which they heavily restrict your usage of--can decide what can and can't run on your device... to me this is like saying "my apartment is secure because I am not trusted with a key: in order to get in, I have to call Apple and give them my password, and they open the door"... honestly, that seems a lot less secure to me than "I have the key".
That's certainly technically possible to achieve both security and "hack-ability", but having a reasonably attractive business model and user experience to make it available for general public is another layer of challenge.
The analogy of apartment is interesting, as today people may have equal or more to lose on a cellphone breach comparing to apartment, while managing the security is much more difficult on cellphone for common users. That fact certainly contributes to the prospers of walled garden (apartment management company) like Apple.
btw thanks for all the great work, saurik. //hatoff
I've mentioned it before, but it's frustrating how linked 'freedom' and 'free' are. If you buy into the security walled garden, you must too accept the commercial walled garden. I don't think those things must theoretically be intertwined, but in today's market they certainly are.
(I am pretty sure that person was not insulting what people in the jailbreak community do, but instead was poking at the idea of that Apple employee "shifting the blame" from "I can't believe that Apple managed to fix that wrong three times in a row... are they incompetent or something?"--a thought process we have all had about many of the bugs in dyld over the years ;P--to "damn those meddling kids and their stupid decompilers".)