Jailbreak Detection
Protection Module: JailbreakDetection
Detects if your mobile application is running on a jailbroken iOS device or rooted Android device.
Available for:
- MAUI (iOS and Android)
- Xamarin.iOS
- Xamarin.Android
- Xamarin.Forms
How It Works
Jailbreak Detection performs comprehensive checks to identify if the mobile device has been compromised through jailbreaking (iOS) or rooting (Android).
iOS Jailbreak Detection
Detection Methods:
- Cydia and alternative package manager detection
- Suspicious file system paths (
/Applications/Cydia.app,/private/var/lib/apt/) - SSH daemon detection
- File system write tests (jailbroken devices allow writes to system directories)
- Dynamic library injection detection
- Code signing violations
- Substrate/Frida framework detection
Common Jailbreak Tools Detected:
- Cydia
- Sileo
- Zebra
- unc0ver
- checkra1n
- Taurine
- Chimera
Android Root Detection
Detection Methods:
- Superuser binary detection (
su,/system/xbin/su) - Root management app detection (Magisk, SuperSU, KingRoot)
- SafetyNet Attestation API integration
- Play Integrity API checks
- Build tags analysis (
test-keys) - Dangerous properties detection (
ro.debuggable=1) - System file modifications
- SELinux status checks
Common Root Tools Detected:
- Magisk
- SuperSU
- KingRoot
- KingoRoot
- OneClickRoot
Configuration
JSON Configuration
JSON
{
"protections": {
"JailbreakDetection": {
"enabled": true,
"action": "close"
}
}
}{
"protections": {
"JailbreakDetection": {
"enabled": true,
"action": "close"
}
}
}Code-Based Configuration (MAUI)
C#
await Payload.ConfigureAsync(config =>
{
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);
});await Payload.ConfigureAsync(config =>
{
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);
});Advanced Configuration
JSON
{
"protections": {
"JailbreakDetection": {
"enabled": true,
"action": "close",
"intervalMs": 300000,
"config": {
"checkOnStartup": true,
"periodicChecks": true,
"strictMode": true
}
}
}
}{
"protections": {
"JailbreakDetection": {
"enabled": true,
"action": "close",
"intervalMs": 300000,
"config": {
"checkOnStartup": true,
"periodicChecks": true,
"strictMode": true
}
}
}
}Available Actions
| Action | Behavior | Recommended For |
|---|---|---|
| Close | Terminate app immediately | Banking apps, payment apps, DRM content |
| Log | Record incident and continue | Analytics, low-risk apps |
| Custom | Execute custom handler | User warnings, graceful degradation |
| None | Detect only, no action | Testing, development builds |
Configuration Parameters
Check Modes
JSON
{
"config": {
"checkOnStartup": true,
"periodicChecks": true,
"strictMode": false
}
}{
"config": {
"checkOnStartup": true,
"periodicChecks": true,
"strictMode": false
}
}| Parameter | Description | Default | Recommendation |
|---|---|---|---|
checkOnStartup | Check immediately when app launches | true | Always enable |
periodicChecks | Continue checking while app runs | true | Enable for high-security apps |
strictMode | More aggressive detection (higher false positives) | false | Enable for financial apps |
Detection Sensitivity
JSON
{
"config": {
"strictMode": true,
"ignoreSimulator": false
}
}{
"config": {
"strictMode": true,
"ignoreSimulator": false
}
}Strict Mode:
- More detection methods
- Identifies advanced hiding techniques
- Higher false positive rate
- Recommended for banking/financial apps
Standard Mode:
- Balanced detection
- Lower false positives
- Sufficient for most applications
Platform-Specific Alerts
iOS Alert (UIKit)
C#
config.RegisterCustomAction("ios-jailbreak-alert", async (threat) =>
{
#if IOS
var alert = UIKit.UIAlertController.Create(
"Security Warning",
"This device appears to be jailbroken. The app cannot run on compromised devices.",
UIKit.UIAlertControllerStyle.Alert
);
alert.AddAction(UIKit.UIAlertAction.Create(
"Exit",
UIKit.UIAlertActionStyle.Destructive,
action => Environment.Exit(-1)
));
var window = UIKit.UIApplication.SharedApplication.KeyWindow;
window.RootViewController.PresentViewController(alert, true, null);
await Task.Delay(10000);
Environment.Exit(-1);
#endif
});config.RegisterCustomAction("ios-jailbreak-alert", async (threat) =>
{
#if IOS
var alert = UIKit.UIAlertController.Create(
"Security Warning",
"This device appears to be jailbroken. The app cannot run on compromised devices.",
UIKit.UIAlertControllerStyle.Alert
);
alert.AddAction(UIKit.UIAlertAction.Create(
"Exit",
UIKit.UIAlertActionStyle.Destructive,
action => Environment.Exit(-1)
));
var window = UIKit.UIApplication.SharedApplication.KeyWindow;
window.RootViewController.PresentViewController(alert, true, null);
await Task.Delay(10000);
Environment.Exit(-1);
#endif
});Android Alert (Material Design)
C#
config.RegisterCustomAction("android-root-alert", async (threat) =>
{
#if ANDROID
var context = Android.App.Application.Context;
var builder = new AndroidX.AppCompat.App.AlertDialog.Builder(context);
builder.SetTitle("Security Warning");
builder.SetMessage("This device appears to be rooted. The app cannot run on compromised devices.");
builder.SetIcon(Android.Resource.Drawable.IcDialogAlert);
builder.SetCancelable(false);
builder.SetPositiveButton("Exit", (sender, args) =>
{
Android.OS.Process.KillProcess(Android.OS.Process.MyPid());
});
var activity = (Android.App.Activity)context;
activity.RunOnUiThread(() => builder.Show());
await Task.Delay(10000);
Environment.Exit(-1);
#endif
});config.RegisterCustomAction("android-root-alert", async (threat) =>
{
#if ANDROID
var context = Android.App.Application.Context;
var builder = new AndroidX.AppCompat.App.AlertDialog.Builder(context);
builder.SetTitle("Security Warning");
builder.SetMessage("This device appears to be rooted. The app cannot run on compromised devices.");
builder.SetIcon(Android.Resource.Drawable.IcDialogAlert);
builder.SetCancelable(false);
builder.SetPositiveButton("Exit", (sender, args) =>
{
Android.OS.Process.KillProcess(Android.OS.Process.MyPid());
});
var activity = (Android.App.Activity)context;
activity.RunOnUiThread(() => builder.Show());
await Task.Delay(10000);
Environment.Exit(-1);
#endif
});MAUI Cross-Platform Alert
C#
config.RegisterCustomAction("mobile-jailbreak-alert", async (threat) =>
{
await Application.Current.MainPage.DisplayAlert(
"Security Warning",
"This device appears to be jailbroken or rooted. The app will now close.",
"OK"
);
await Task.Delay(3000);
Environment.Exit(-1);
});
config.AddProtection(ProtectionModuleType.JailbreakDetection, "mobile-jailbreak-alert");config.RegisterCustomAction("mobile-jailbreak-alert", async (threat) =>
{
await Application.Current.MainPage.DisplayAlert(
"Security Warning",
"This device appears to be jailbroken or rooted. The app will now close.",
"OK"
);
await Task.Delay(3000);
Environment.Exit(-1);
});
config.AddProtection(ProtectionModuleType.JailbreakDetection, "mobile-jailbreak-alert");When to Use
Strongly Recommended for:
- Banking and financial applications
- Payment processing apps
- Digital wallets and cryptocurrency apps
- DRM-protected content (videos, music, ebooks)
- Healthcare apps with PHI/PII
- Enterprise apps with confidential data
- Apps with in-app purchase validation
- Government and defense applications
Consider Carefully for:
- Gaming apps (may alienate legitimate users)
- Social media apps
- Utility apps without sensitive data
- Apps targeting developer communities
Not Recommended for:
- Open-source apps
- Developer tools
- Apps that explicitly support jailbroken devices
User Experience
Jailbreak/root detection can frustrate legitimate users who have modified their devices for non-malicious reasons. Consider showing a warning instead of immediately closing the app for less sensitive applications.
Graceful Degradation Example
C#
config.RegisterCustomAction("graceful-jailbreak-handling", async (threat) =>
{
// Show warning dialog
var userChoice = await Application.Current.MainPage.DisplayAlert(
"Security Notice",
"This device appears to be modified. Some features will be disabled for your protection.",
"Continue with Limited Features",
"Exit"
);
if (!userChoice)
{
Environment.Exit(0);
return;
}
// Disable sensitive features
AppSettings.DisableBiometricAuth = true;
AppSettings.DisableOfflineMode = true;
AppSettings.EnableExtraLogging = true;
// Log to backend
await SecurityLogger.LogJailbreakDetection(threat);
});config.RegisterCustomAction("graceful-jailbreak-handling", async (threat) =>
{
// Show warning dialog
var userChoice = await Application.Current.MainPage.DisplayAlert(
"Security Notice",
"This device appears to be modified. Some features will be disabled for your protection.",
"Continue with Limited Features",
"Exit"
);
if (!userChoice)
{
Environment.Exit(0);
return;
}
// Disable sensitive features
AppSettings.DisableBiometricAuth = true;
AppSettings.DisableOfflineMode = true;
AppSettings.EnableExtraLogging = true;
// Log to backend
await SecurityLogger.LogJailbreakDetection(threat);
});Development and Testing
Simulator/Emulator Detection
C#
await Payload.ConfigureAsync(config =>
{
#if DEBUG
// Disable on simulators during development
if (DeviceInfo.DeviceType == DeviceType.Virtual)
{
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.None);
}
else
{
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Log);
}
#else
// Production: always enforce
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);
#endif
});await Payload.ConfigureAsync(config =>
{
#if DEBUG
// Disable on simulators during development
if (DeviceInfo.DeviceType == DeviceType.Virtual)
{
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.None);
}
else
{
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Log);
}
#else
// Production: always enforce
config.AddProtection(ProtectionModuleType.JailbreakDetection, ActionType.Close);
#endif
});Testing on Real Devices
JSON
{
"protections": {
"JailbreakDetection": {
"enabled": true,
"action": "log",
"config": {
"strictMode": false,
"ignoreSimulator": true
}
}
}
}{
"protections": {
"JailbreakDetection": {
"enabled": true,
"action": "log",
"config": {
"strictMode": false,
"ignoreSimulator": true
}
}
}
}Performance Impact
Detection Time:
- Initial check: 100-300ms
- Periodic checks: 50-150ms
Battery Impact:
- Minimal with 5-minute intervals
- Negligible with default configuration
Recommended Intervals:
- Aggressive: 120000ms (2 minutes)
- Balanced: 300000ms (5 minutes) - Default
- Conservative: 600000ms (10 minutes)
Platform Compatibility
| Platform | iOS Support | Android Support | Notes |
|---|---|---|---|
| .NET MAUI | ✔ | ✔ | Full support for both platforms |
| Xamarin.Forms | ✔ | ✔ | Full support |
| Xamarin.iOS | ✔ | N/A | iOS-specific detection |
| Xamarin.Android | N/A | ✔ | Android-specific detection |
iOS Version Support: iOS 12.0+ Android Version Support: Android 6.0+ (API 23+)
Threat Detection Details
When jailbreak/root is detected, the ThreatInfo object contains:
JSON
{
"threatId": "JB-2025-12-28-9012",
"description": "Jailbroken/rooted device detected",
"moduleType": "JailbreakDetection",
"detectedAt": "2025-12-28T16:45:30Z",
"confidence": 0.98,
"metadata": {
"platform": "iOS",
"deviceModel": "iPhone 12 Pro",
"osVersion": "15.4.1",
"detectionMethod": "cydia-detection",
"suspiciousFiles": [
"/Applications/Cydia.app",
"/private/var/lib/apt"
],
"jailbreakTool": "unc0ver"
}
}{
"threatId": "JB-2025-12-28-9012",
"description": "Jailbroken/rooted device detected",
"moduleType": "JailbreakDetection",
"detectedAt": "2025-12-28T16:45:30Z",
"confidence": 0.98,
"metadata": {
"platform": "iOS",
"deviceModel": "iPhone 12 Pro",
"osVersion": "15.4.1",
"detectionMethod": "cydia-detection",
"suspiciousFiles": [
"/Applications/Cydia.app",
"/private/var/lib/apt"
],
"jailbreakTool": "unc0ver"
}
}Related Protections
- Debugger Detection - Prevent debugging
- Tampering Detection - Code modification detection
- Emulator Detection - Detect emulated environments
Next Steps
Mobile Installation
MAUI and Xamarin setup
Actions
Configure threat responses
Custom Actions
Create custom handlers