How to Detect Cydia to Protect iOS Apps

Cydia enables iOS devices to be Jailbroken which allows Hackers to Circumvent Mobile App Security Protections

What is Cydia?

Cydia is a third-party appstore that can provide access to unauthorized apps, tweaks, and modifications for jailbroken iOS devices. While jailbreaking iOS devices itself is legal in most countries, the use of a jailbroken iOS device to download pirated apps, modify games, or otherwise use copyrighted material without authorization, is generally unlawful worldwide. 

Approov Real-time Analytics M ontage v1 (1920 × 1080 px)As an app developer, you should be concerned about Cydia because it:

  • Enables software piracy - Apps from the official App Store can be illegally distributed through Cydia. This results in lost revenue.
  • Provides root access - Cydia grants users root access that completely compromises iOS security controls. This makes mobile apps much more vulnerable.
  • Allows cheating - Cheating provides unfair advantages in games and can ruin the app experience for legitimate customers.
  • Can modify your apps - Users can tweak and hack your apps via Cydia to bypass security protections.
  • Undermines app integrity - Code signing is bypassed so your apps can be modified without detection.
  • Weakens mobile security - Sensitive data stored locally by your apps is more easily accessible.
  • Breaches data privacy - User data can be extracted more easily on a jailbroken device.

Essentially, Cydia enables iOS devices to be jailbroken which then allows hackers to circumvent operating system protections, modify apps without restriction, and compromise security and privacy of users and their data.

As an app developer, you should try to detect and block jailbroken devices and use runtime protections even if bypassing occurs to protect your apps, users and reputation on compromised iOS devices.

How Does Approov Detect Cydia in iOS Apps?

Approov utilizes a range of static and dynamic checks during runtime app attestation to effectively detect jailbroken and compromised iOS devices, including Cydia. This allows financial, healthcare, automotive and other high security apps to deterministically identify and block compromised iOS devices from accessing sensitive data via your APIs and/or through third-party APIs.

Some of the ways Approov can identify jailbroken iOS devices include:

  • Approov can detect when prohibited apps, including Cydia, that enable jailbreaking are present.
  • Runtime integrity checks - Approov performs ongoing runtime attestation of the device integrity which can detect compromised or jailbroken devices.
  • Modified file system - Approov inspects the iOS file system looking for tweaks/changes made on jailbroken devices.
  • API limitations - Approov checks security policies to determine if access is allowed to APIs that are restricted on non-jailbroken devices.
  • Device fingerprinting - Approov can fingerprint devices to identify known jailbroken device attributes.
  • Circumvention detection - Techniques hackers use to bypass jailbreak detection are also checked.