Once jailbroken, will iOS apps run with root privilege?

by

Not disagreeing with anything H2CO3 said, but to add some further clarification …

  • Apps installed in /private/var/mobile/Applications/(†) with Xcode will run with user mobile privileges, even on jailbroken phones.

  • Even on a jailbroken phone, apps installed to /private/var/mobile/Applications/(†) will be sandboxed almost (‡) like apps on a jailed phone. So, no reading other (normal) apps’ data, even if those files are owned by user mobile.

  • For a good description of the process that apps like Cydia use to run as root, see this answer. Or, just ssh into your phone, and take a look inside /Applications/Cydia.app/ yourself.

  • If you simply copy/install an app (without doing what H2CO3 suggested) to /Applications/, it won’t be sandboxed, but it will still run with mobile (UID=501) privileges:

iPhone5:~ root# cd /Applications

iPhone5:/Applications root# ls -altr ./HelloJB.app/
total 220
-rw-r--r--  1 root wheel   711 Apr  3 20:36 entitlements.xml
-rw-r--r--  1 root wheel   297 Apr  3 20:36 entitlements-daemon.xml
-rw-r--r--  1 root wheel  7972 Apr  3 20:36 embedded.mobileprovision
-rw-r--r--  1 root wheel 58755 Apr  3 20:36 date.zip
-rw-r--r--  1 root wheel   485 Apr  3 20:36 ResourceRules.plist
-rw-r--r--  1 root wheel     8 Apr  3 20:36 PkgInfo
-rw-r--r--  1 root wheel  1226 Apr  3 20:36 Info.plist
-rw-r--r--  1 root wheel 10960 Apr  3 20:36 Icon\@2x.png
-rw-r--r--  1 root wheel  8328 Apr  3 20:36 Icon.png
-rw-r--r--  1 root wheel   451 Apr  3 20:36 HelloJB.plist
-rwxr-xr-x  1 root wheel 61088 Apr  3 20:36 HelloJB*
-rwxr-xr-x  1 root wheel 42688 Apr  3 20:36 HelloDaemon*
drwxr-xr-x  2 root wheel   136 Apr  3 20:36 en.lproj/
drwxr-xr-x  2 root wheel   102 Apr  3 20:36 _CodeSignature/
drwxr-xr-x  4 root wheel   544 Apr  3 20:36 ./
drwxrwxr-x 54 root admin  1904 Apr  5 02:14 ../

iPhone5:/Applications root# ps -Aef | grep HelloJB
  501  9412     1   0   0:00.00 ??         0:00.33 /Applications/HelloJB.app/HelloJB

iPhone5:/Applications root# grep mobile /etc/passwd
mobile:*:501:501:Mobile User:/var/mobile:/bin/sh

(‡) Here’s a good discussion, with input from Saurik, about how different jailbreaks may affect the sandbox. Long story short: it depends.

(†) Update: in recent versions of iOS, the location of 3rd-party apps has been moved to /var/mobile/Containers, and later to /var/containers/, but the same basic sandbox issues remain.

More Related Contents:

  1. How do I change my iOS applications’ entitlements?
  2. Undefined symbols for architecture arm64
  3. UITableView example for Swift
  4. “Warning: iPhone apps should include an armv6 architecture” even with build config set
  5. How to Completely Uninstall Xcode and Clear All Settings
  6. Enterprise App Update Distribution on iOS 8
  7. Storyboard doesn’t contain a view controller with identifier
  8. Cocoapods Warning – CocoaPods did not set the base configuration of your project because because your project already has a custom config set
  9. Execute code in Launch Screen
  10. Layout issues after updating to Xcode 8
  11. Only ONE VIEW landscape mode
  12. How can I use IBOutletCollection to connect multiple UIImageViews to the same outlet?
  13. How to delete WKWebview cookies
  14. iphone: Where the .dSYM file is located in crash report
  15. How to I import 3rd party frameworks into Xcode Playground?
  16. Xcode iOS project only shows “My Mac 64-bit” but not simulator or device
  17. Programmatically switching between tabs within Swift
  18. Linker Error in iOS (duplicate symbols for architecture x86_64)
  19. Xcode – ld: library not found for -lPods
  20. “Creating an image format with an unknown type is an error” with UIImagePickerController
  21. How to dynamically change the font size in auto layout iOS?
  22. The executable gets signed with invalid entitlements in Xcode
  23. “Too many symbol files” after successfully submitting my apps
  24. iOS – Ensure execution on main thread [duplicate]
  25. Steps to create and edit a plist file in Xcode
  26. Xcode 4.3.2, issue with running on simulator
  27. The sandbox is not in sync with the Podfile.lock-ios
  28. Xcode changes unmodified storyboard and XIB files
  29. Xcode6: Run two instances of the simulator
  30. How to disable no inverse relationship warning for CoreData in Xcode 4.2?

Leave a Comment