9 votes

Jailbreaking - How do you know if a tweak is safe?

I've been jailbreaking for years now, and one of the things that have always puzzled me was how the jailbreak community determines whether or not a tweak has malicious code since they aren't always open-sourced. With the latest releases of checkra1n, and unc0ver, I've gotten back into jailbreaking since I wanted to jailbreak my 12.9" iPad Pro. From my understanding, the jailbreak itself (usually) is open-sourced, so it can generally be "vetted" that way. I typically stay away from using too many tweaks and try to stick with those from the "more well-known" developers, but I'm curious how others decide which developers/tweaks to trust and use? Do you strictly base it on "bug-reports" and a developer's reputation? What other factors come into play? There are tweaks like "Compatimark" that helps with compatibility information (but that's not really what I'm talking about).

Edit: First time posting a topic here, so hopefully it isn't breaking any rules.

6 comments

  1. [5]
    cptcobalt
    Link
    More or less long-term jailbreaker here: assume no jailbreak nor tweak is safe, ever, no matter the source. You are breaking the chain of trust on your device and installing insecure and unvetted...

    More or less long-term jailbreaker here: assume no jailbreak nor tweak is safe, ever, no matter the source. You are breaking the chain of trust on your device and installing insecure and unvetted software. Of course, you can mitigate this by doing immense research on your software sources. But you can never really be confident. (The real answer might just be to throw bits of the tweak into Hopper and find out for yourself.)

    The community is a thin shell of what it once was—because so much of the jailbreak community of yore now works for Apple, and those that don’t either sit in outlier research circles, or do it as a casual hobby or for piracy—so there’s not so much good stuff to be found anymore.

    Also, the OS is more or less “feature complete”—at least, as much as you can say it is. The public API is super fleshed out, and the OS has many core system-wide features it didn’t have before. Jailbreaking was really great when the OS was missing large swaths of features.

    ..actually, out of curiosity, what are you getting from jailbreaking in 2020?

    12 votes
    1. Enigma
      (edited )
      Link Parent
      Primarily, a couple of things: Mega UHB/ Untrusted Host Blocker since I get really irritated with ads, and this tweak helps block them system-wide) TetherMe (to enable tethering options) Tweaks to...

      Primarily, a couple of things:

      1. Mega UHB/ Untrusted Host Blocker since I get really irritated with ads, and this tweak helps block them system-wide)
      2. TetherMe (to enable tethering options)
      3. Tweaks to hide a specific iOS app's updates/never update the app. I sadly need a tweak for this now since several of the apps I had purchased now are removing the very features I had previously paid for and are putting them as "subscription" only. This is in large part due to Apple's "push" for app developers to include "subscriptions" (even though removing paid features is a direct violation of the App Store TOS). A perfect example of this is the Paste app, which I had purchased 3x for all my devices (Mac, iPad, and iPhone), and now is useless without a subscription. None of the features work.
      4. A much lesser extent, customizability/like Springtomize.
      5. Filza would be another reason, however, the Files app improved dramatically over the last few major iOS updates.

      Edit: Formatting

      7 votes
    2. [3]
      tomf
      Link Parent
      not OP, but I jailbreak to make the icons smaller, improve the lockscreen and status bar, lower brightness level / dark overlay), some minor keyboard modifications... I think that's it. Overall,...

      not OP, but I jailbreak to make the icons smaller, improve the lockscreen and status bar, lower brightness level / dark overlay), some minor keyboard modifications... I think that's it. Overall, its to make the device prettier and less bulky. I really miss the days of having Little Brother or, when I was using Android, the ro.sf.lcd_density option.

      There should always be a 'make everything too small for most people' option.

      3 votes
      1. [2]
        Enigma
        Link Parent
        Little Brother was a neat tweak back in the day. A bit unrelated, but Little Brother reminded me of another old tweak I really do miss - Firewall iP 7. It was pretty buggy on the later iOS...

        Little Brother was a neat tweak back in the day. A bit unrelated, but Little Brother reminded me of another old tweak I really do miss - Firewall iP 7. It was pretty buggy on the later iOS versions that it still technically "worked" on (esp. on my old 32-bit iPad 4 that is stuck running iOS 10.3.3 since iOS 11 dropped 32-bit device support), but it was still solid when it worked properly. Until I installed Firewall iP7, I hadn't realized how many ridiculous and unnecessary connections certain iOS applications would try to make in the past. I think Apple's gotten a bit better on preventing crap like that from occurring in iOS 13 (though I can't be sure since there isn't a robust way to check as far as I know). I think I might run a test soon, though, by utilizing an old Raspberry Pi 3b+ that already has Pi-hole installed and running on it, and my iPad Pro/iPhone 7.

        2 votes
        1. tomf
          Link Parent
          there have been some great tweaks over the years. I run pihole on a VPS and it works well with IOS.

          there have been some great tweaks over the years. I run pihole on a VPS and it works well with IOS.

          2 votes
  2. haykam821
    Link
    You don't; just like the jailbreak itself, you should probably read the code (if it is open-source) before using it on your device. Generally, most of the trusted developers/tweaks/repos will be...

    You don't; just like the jailbreak itself, you should probably read the code (if it is open-source) before using it on your device. Generally, most of the trusted developers/tweaks/repos will be able easily distinguishable from the rest, so as long as someone is vouching for it on one of the more popular jailbreaking communities, you can consider it safe.