JailbreakMe.com is a website that offers visitors the ability to jailbreak their iPhone without a computer-based tether. It does this by exploiting the system-wide ability for applications to read PDF files, where an incorrectly-formatted PDF file can lead a hacker to do anything they want to your system. While this bug CAN be used maliciously to steal all the personal data from your phone, the developers in this instance used it to enable jailbreaking.
Others will tell you why you should or should not jailbreak your iPhone. Others will decry the developers for bringing to light a serious vulnerability in the iPhone OS. In this blog post, I won’t do any of that, but will instead point out some things you should and shouldn’t do if you decide to jailbreak.
Backup first, and backup the backup
It should go without saying that, before you start mucking around with the internals of the software on your phone, you should back everything up with iTunes. Sync down all the data into iTunes, and explicitly backup by right-clicking the iPhone in the sidebar and choosing “Back Up”. Once that is done, you should backup the actual backup files to somewhere safe. This way, if you ever want to go back to a vanilla iPhone, it’s fairly straightforward. The files are located in ~/Library/Application Support/MobileSync/Backup.
Understand what you’re doing
Jailbreaking lets you run apps on your iPhone that, for a variety of political and technical reasons, you could not run otherwise. Apple has gone to great lengths to prevent you from running unauthorized apps on your iPhone, and for several reasons; the most important is for security. Since jailbreaking is designed to let you run those apps, that means that in order for the jailbreak to work, several of those security measures are simply shut off and disabled. This does not mean that you’ll automatically get viruses and have your data stolen, but it does open up more avenues for hackers to gain access to your data. You simply must be more vigilant and attentive about security when your phone is jailbroken.
Only add sources that you trust completely
When you jailbreak, you will notice a new app on your home screen, called “Cydia”. You can think of this as the jailbroken App Store for your iPhone. You will be able to use this to install lots of apps; you can also install mods that change app icons and fonts, mods that change how apps behave, and mods that add new features system-wide. One way this differs from Apple’s built-in App Store is that third parties can publish their own list of apps and mods at their own whim, and users can add those lists to Cydia. You can find lists of third-party sources available by doing some creative Googling.
Now, since you can add any third-party list you want, and those lists can contain mods which can access all of the data on your iPhone, you need to be extremely mindful of which sources you add. Seemingly innocuous apps, such as simple wallpaper lists, can contain code which subtly and sneakily siphons away your contacts, or worse. Since you don’t have Apple vetting apps before they hit your phone, you won’t be able to trust that an app isn’t malicious if it’s from an unknown source.
Only install what you need
Many of the apps and mods you can download through Cydia will not be things that you can technically do on the iPhone using Apple’s published APIs. An example of this is the project which allows you to install a Growl-like UI for push notifications; it simply is not possible to do through the App Store. This means that you will have mods injecting code into the memory of other apps (sometimes into EVERY app). The more mods like this you have, the more they will start to clash with each other. This can lead to crashes, drained batteries, hangs, and system slowdown. You should consciously try to minimize the number of mods that you install, to preserve the experience of your iPhone.
Be mindful of OpenSSH
Packages in Cydia often times will require use of other libraries to achieve their goals. These needs are called dependencies in Cydia, and they will be listed when you try and install packages. There are packages which will blindly install a package called OpenSSH, which installs a server on your iPhone that allows you to log in via a Terminal. Now, this package uses a file on the iPhone to determine what the default password is, which happens to be ‘alpine’. As you can imagine, many people don’t change that password by default, and instead just let the default stick and never change it; this led to disaster last year when someone used the default password to extort lazy iPhone jailbreakers.
If you install this package, the absolute first thing you should do is change the root password.
Be wary of iOS software updates
In all likelihood, your iOS software updates will be far more involved than non-jailbreaking. The hacks used to enable jailbreaking are usually patched in the next update of the OS. This means that, if you want to keep your jailbreak mods, you will need to wait for the iPhone dev community to release an updated jailbreak procedure. Sometimes this takes hours, sometimes this takes weeks. Once the jailbreak is released, updating generally consists of backing up everything, restoring your iPhone to the new OS, re-jailbreaking, and reinstalling all of your jailbreak software. It is a far more involved process, on top of the already involved update process of the iOS. You will likely update the OS far less than you would if you were non-jailbroken.