do you trust a jb iphone?

[MinuteDreamer]

I guess I don't know how Installous works as I've never installed cracked apps. It seems like you're saying that it takes the real IPA's or something and installs them rather than having someone already crack the app and turn it into a .deb file? I was more referring to the later because it'd be very easy to bundle up a trojan with the .deb of any app not downloaded from it's original repo. Someone would only have to download a legitimate app, and compile a .deb with a trojan included. This is why you're safe on cydia sticking to the main repos.

Ah, now I see why we were talking past each other.

Cracked apps are usually distributed as .ipa's not .deb's. Cracked apps are cracked by an individual, and then distributed in cracked, unencrypted form. They can be installed through installous, or even iTunes, which does not grant them sufficient privileges to do anything terribly malicious.

I wouldn't really call sticking to the main cydia repositories as "safe". If I really was some sort of malicious hacker, and I wanted to attack jailbroken iPhones, what I'd do is write some sort of useful free jailbreak app (such as Backgrounder or an SBSSettings extension for example) and give it away. I'd load this up with whatever malware I could conceive of. I believe this would be the simplest, most effective approach. Definately a lot easier than cracking an app, and then finding some sort of exploit to get away from the iPhone's app jail.

 

[ViViDboarder]

Ah, now I see why we were talking past each other.

Cracked apps are usually distributed as .ipa's not .deb's. Cracked apps are cracked by an individual, and then distributed in cracked, unencrypted form. They can be installed through installous, or even iTunes, which does not grant them sufficient privileges to do anything terribly malicious.

I wouldn't really call sticking to the main cydia repositories as "safe". If I really was some sort of malicious hacker, and I wanted to attack jailbroken iPhones, what I'd do is write some sort of useful free jailbreak app (such as Backgrounder or an SBSSettings extension for example) and give it away. I'd load this up with whatever malware I could conceive of. I believe this would be the simplest, most effective approach. Definately a lot easier than cracking an app, and then finding some sort of exploit to get away from the iPhone's app jail.

Well I suppose there is some truth to it, but there is no set demand for an app that a malware distributer decides to create to somehow distribute their malware. I mean the time that has to be put into creating an app like Backgrounder or SBSettings is significant and while likely what would produce the most reliable method of distributing malware would be significantly difficult.

Anyone who has jailbroken their phone needs to treat it like they would treat any computer. Know what you're installing. On any computer you shouldn't go download an application from some sketchy webpage that nobody you know has used. There are many very security conscious people that use the iPhone and will find out if there is a malware exploit. Do your research. You can even download Firewall IP, a firewall for the iPhone, on Cydia if you are worried. You'll see any remote connections (if there was malware sending your info away) and you'd be able to stop it.

I don't keep anything too worrisome on my phone and I'm confident enough about my ability to keep a computer safe. I have never even encountered a virus on Windows since I started using Windows 3.1. Since I've used every windows OS to date. I also don't run virus scans on my Mac or Linux computers.

With great power comes great responsibility. Watch what you install on your phone. If you have questions about an app come and post here (not this thread, start a new one newbs! ). That's what communities like this are for.