Jailbreaks

Jailbreaking is the process of patching iOS to break out of the "jail" imposed by the system on the user. The jail is used to prevent access to the device as a root user. This, in turn, prevents the user from changing system files and installing software not available through the official App Store.

Apple's purported purpose of patching the holes is to protect users from security vulnerabilities. However, many have speculated that the real reason is to enforce distribution through the App Store, where Apple charges US$99 per year and takes up to 30% of the revenue.

History

Within days of the release of the original iPhone, some people managed to break out of the jail. Over the years, many jailbreaks have been released, with Apple playing a cat-and-mouse game in attempts to patch the "holes" used to jailbreak.

Security

The security around jailbreaks is often a point of contention, with Apple claiming that jailbreaking increases the risk of malware. Such malicious programs commonly appear after the release of a jailbreak and use the same vulnerabilities to access the device. As such, many newer jailbreaks include patches that close the security hole they used to access the device.

Scams

Over the years, there have been hundreds of jailbreaking scams. These scams commonly come in the form of charging for a free jailbreak tool, or charging for a "new" tool that supports devices and iOS versions with no published exploits. Other times, they are simply malware for your computer.

Types of Jailbreaks

There exist many types of jailbreaks. These range from proof-of-concept jailbreaks that are of little use to the average user, to full jailbreaks that require only a computer to install.

Bare Bones

The simplest form of jailbreaking involves patching /private/var/fstab to mount the root filesystem as read-write (instead of read-only). This is most commonly used as a proof of concept. A common example involves the second generation Apple TV: when it was first released, the first jailbreak tools only existed to perform a bare bones jailbreak.

With iOS 7, Apple added a security feature that prevents the system from booting if it detects a modified /private/var/fstab.
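As an added example (not part of the original article), the following Python script shows what the bare-bones change and the iOS 7 boot check above amount to in practice: it parses a fstab table in the classic six-field layout (device, mount point, filesystem type, comma-separated options, dump frequency, fsck pass) and reports whether the root filesystem would mount read-write instead of the stock read-only. The two tables in the script are constructed samples, the device names are illustrative, and the function names (parse_fstab, root_is_writable, audit_fstab) are this example's own, not anything from iOS or a jailbreak tool.

```python
"""Audit an iOS-style /private/var/fstab for a root filesystem mounted read-write.

Added example, not taken from the original article or from any jailbreak tool.
The table layout follows the classic fstab format: device, mount point,
filesystem type, comma-separated options, dump frequency, fsck pass number.
Both tables below are CONSTRUCTED samples standing in for a stock table (root
mounted 'ro') and a bare-bones patched one (root mounted 'rw'); the device
names are illustrative only.
"""
from dataclasses import dataclass
from typing import List

# Constructed sample: stock layout with the root filesystem read-only.
STOCK_FSTAB = """\
/dev/disk0s1s1 / hfs ro 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""

# Constructed sample: the single-field change a bare-bones jailbreak makes.
PATCHED_FSTAB = """\
/dev/disk0s1s1 / hfs rw 0 1
/dev/disk0s1s2 /private/var hfs rw,nosuid,nodev 0 2
"""


@dataclass
class FstabEntry:
    device: str
    mountpoint: str
    fstype: str
    options: List[str]
    dump: int
    pass_no: int


def parse_fstab(text: str) -> List[FstabEntry]:
    """Parse fstab text into entries; blank lines and '#' comments are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) != 6:
            raise ValueError(f"fstab line {lineno}: expected 6 fields, got {len(fields)}")
        device, mountpoint, fstype, opts, dump, pass_no = fields
        entries.append(FstabEntry(device, mountpoint, fstype, opts.split(","),
                                  int(dump), int(pass_no)))
    return entries


def root_entry(entries: List[FstabEntry]) -> FstabEntry:
    """Return the entry for '/', or raise if the table has none."""
    for entry in entries:
        if entry.mountpoint == "/":
            return entry
    raise ValueError("fstab has no entry for the root filesystem '/'")


def root_is_writable(entries: List[FstabEntry]) -> bool:
    """True if '/' would mount read-write: 'rw' is explicit, and a missing 'ro' also means read-write."""
    opts = root_entry(entries).options
    return "rw" in opts or "ro" not in opts


def audit_fstab(text: str, expected: str = STOCK_FSTAB) -> List[str]:
    """Compare a fstab against the expected stock table and return a list of findings.

    An empty list means the mount policy matches stock. This is an offline
    integrity check in the spirit of the iOS 7 behaviour described in the
    article (refusing to boot on a modified fstab); it does not touch a device.
    """
    findings = []
    actual = parse_fstab(text)
    stock = parse_fstab(expected)
    if root_is_writable(actual) and not root_is_writable(stock):
        findings.append("root filesystem '/' is mounted read-write (stock is read-only)")
    stock_by_mount = {e.mountpoint: e for e in stock}
    for entry in actual:
        ref = stock_by_mount.get(entry.mountpoint)
        if ref is None:
            findings.append(f"unexpected mount point {entry.mountpoint}")
        elif entry.mountpoint != "/" and set(entry.options) != set(ref.options):
            findings.append(f"options for {entry.mountpoint} changed: {ref.options} -> {entry.options}")
    for mountpoint in stock_by_mount:
        if all(e.mountpoint != mountpoint for e in actual):
            findings.append(f"missing mount point {mountpoint}")
    return findings


if __name__ == "__main__":
    for name, table in (("stock", STOCK_FSTAB), ("patched", PATCHED_FSTAB)):
        print(name, audit_fstab(table) or "no deviations from stock")
```

Run as a script, the stock table reports no deviations and the patched table reports the read-write root. The check treats a root entry with neither `ro` nor `rw` as writable, since read-write is the default when no mode option is given, which is why it looks for the absence of `ro` rather than only the presence of `rw`.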

Tethered vs. Untethered

Whenever the device boots up, the kernel must be patched in order to allow "unsigned" software to run. This is accomplished in many different ways, but some require a computer for every boot. This distinction has given rise to the terms "untethered" and "tethered" jailbreaks.

A "tethered" jailbreak is the most common kind. Whenever the device boots up, it will detect the patched kernel and refuse to boot, instead going into recovery mode. The way to fix this involves using a tool (typically provided with the jailbreaking software) to upload a temporary patch that will allow the device to boot. As such, the name comes from the fact that your device must be "tethered" (connected) to a computer in order to boot.

In contrast, an "untethered" jailbreak does not require a computer to boot up. These commonly utilize exploits in the bootrom that patch the code signing requirement.

Semi-Tethered

More recently, as Apple's system has become more strict, two new forms of jailbreaks have appeared: "semi-tethered" and "semi-untethered." As their names imply, they are "tethered" in some sense, and require software to patch the kernel every boot. However, they differ in that the device will still boot and function normally (without the jailbreak) when that patch has not been applied.

A "semi-tethered" jailbreak is one where the device, in the absence of an exploit, will boot and function as if there is no jailbreak. It will not have a patched kernel, and, as such, attempts to run unsigned apps like Cydia will fail. In order to fix this, the device must be rebooted and patched with the help of software external to the device (commonly provided with the jailbreaking software).

A "semi-untethered" jailbreak is similar to a semi-tethered one, but with a minor difference: the tool to run the exploits is on the device. In other words, when a device is booted up, it will function as stock, but one can run an app that is present on the device to reboot and patch the device.

Jailbreak Compatibility