Skip to main content

Jailbreak Policy

Review how Vylos detects jailbroken iOS devices and enforces organizational security policies through MDM.

Configuration

Jailbreak detection is controlled by the blockJailbrokenDevices MDM restriction key.

  • Type: String (parsed as boolean)
  • Default when absent: false
  • Platform: iOS only

This restriction has no effect on macOS or visionOS, as jailbreaking is specific to iOS devices.

Block Behavior

When blockJailbrokenDevices is set to true and a jailbreak is detected, the app displays a full-screen block view titled "Device Policy Violation" with the message: "Your organization requires Vylos to run on unmodified devices. This device has been identified as jailbroken." The block screen can't be dismissed by the user.

Detection runs each time the Home screen appears, including the initial app launch and when returning to Home from another screen.

Detection Methods

Vylos uses four complementary detection methods. If any single method returns a positive result, the device is flagged as jailbroken.

1. Suspicious File Detection

The app checks for the existence of files and directories commonly associated with jailbreak tools:

  • /Applications/Cydia.app
  • /Library/MobileSubstrate/MobileSubstrate.dylib
  • /var/lib/cydia
  • /private/var/stash

2. URL Scheme Detection

The app checks whether the device has registered handlers for URL schemes used by popular jailbreak package managers:

  • cydia://package/com.example.package
  • sileo://package/com.example.package
  • undecimus://

3. Sandbox Escape Test

The app attempts to write a test file to /private/jailbreaktest, a path outside the app sandbox. On a non-jailbroken device, this write is blocked by the iOS sandbox. If the write succeeds, it indicates the sandbox has been compromised.

4. Dynamic Library Injection Scan

The app inspects the list of dynamically loaded libraries (via dyld) for known jailbreak-related frameworks and tools:

  • MobileSubstrate
  • SubstrateLoader
  • TweakInject
  • libhooker
  • Cephei
  • FridaGadget
  • frida-agent
  • cycript

The presence of any of these libraries in the loaded image list triggers a positive jailbreak detection.

Data Safety

No tunnel data is lost when the jailbreak block is active. All tunnel configurations, Keychain entries, and app settings remain intact on the device. The data is simply inaccessible while the block screen is displayed.

If the blockJailbrokenDevices restriction is removed from the MDM profile, or if the device is restored to a non-jailbroken state, the app resumes normal operation with all data intact.

Debug Override

For development and testing purposes, a debugOverrideJailbroken flag is available. This flag simulates a jailbroken device state so that the JailbreakBlockView can be tested without an actual jailbreak.

This override is only available in DEBUG builds. The flag is wrapped in #if DEBUG and is not compiled into release builds distributed through the App Store or enterprise deployment.

Version History

Jailbreak detection was introduced in version 1.1.0.