How secure is your data after a JB?

[stanw]

I want to JB an iPhone so I can use my unlimited data with VZW to tether. I'm concerned about the possibility of my data being forwarded somewhere else via the JB. I know very little about Jailbreaking, who makes them, etc. is here any known instances of anything like this resulting from the JB? Thoughts?

Thanks.

 

[eyoungren]

Your data is as secure as you make it.

If you jailbreak to tether and install nothing else you are as secure as you were stock. What makes you insecure is installing tweaks/apps you do not understand from sketchy repos or lack of attention to what you install.

For instance, many people install OpenSSH. OpenSSH allows you to use Terminal on a Mac to interact with the file system on your phone. It requires passwords. And guess what? There is a default password for both the root and the guest user. It's "alpine". Most new jailbreakers who install OpenSSH do not realize this and anyone who knows the default password could try and access your device via OpenSSH on a WiFi network. If you have not changed the passwords then you just gave away access to your device.

The major difference between jailbreak and stock is that Apple is not protecting you. Thus, you have to take responsibility for your device and be sure about what you allow on it.

That said, Cydia is a business. Just like the Apple store, money is involved. Amazon, Paypal, etc. It is bad for business to have rampant piracy or tweaks/apps that invade privacy. The stock repos within Cydia are therefore essentially above board. Yes, there have been instances of bad tweaks/apps phoning home or keyloggers and such like that. But the JB community is small. Word gets around.

I would argue that if you are attentive a jailbroken phone is actually more secure. It was jailbreak devs that wrote patches to fix Apple security holes before Apple. Tweaks such as iCaughtU Pro can prevent theft or help to get the thief arrested. So, just do your due diligence as you are now responsible for your own device.

As to who makes tweaks and apps, techheads who know a lot about coding. Some of them even end up working for Apple. But the majority of them write these tweaks/apps out of love for the JB community - and often for a little (very small) profit.

 

[stanw]

1. So for clarification, are you saying that if I only use the Cydia JB with the built in tethering app/option then there is no risk/threat that my data could be compromised any more than if I kept an iPhone stock?

2. You said there have been instances of bad tweaks/apps. Were these built into the JB or were they installed after the JB?

3. How does Cydia make money?

Thanks!

 

[eyoungren]

1. Cydia in and of itself is not part of a jailbreak except that it is often installed as part of the jailbreak process. You can jailbreak and not install Cydia. Cydia is just an app that gives you access to the tweaks and apps that can modify your phone. Just like you can be stock on an iPhone and never use the App store to download a single app you can also be jailbroken and never use Cydia to install a single tweak.

Your risk is only in what you choose to install via Cydia. Anything from the stock repos that are included within Cydia is essentially safe. I am not saying that any repo you add is unsafe, there are plenty of safe third party repos out there. You just have to do your homework.

But yes, if you do not install anything that reduces or compromises your security (such as OpenSSH without changing passwords) then you are as safe as you were stock.

2. Generally installed after the JB. The particular one I am thinking of was a battery app that phoned home. It quickly became known however. Like I said earlier, the JB community is a small group and word gets around. If you use legit jailbreaks you are safe. Non-legit jailbreaks are generally scams and generally do not work at all (never, never pay for a jailbreak).

3. Cydia is the facilitator for the developers. The devs tweak goes up on a repo and if it's a paid tweak then Cydia handles the transaction per whatever agreement it set between the repo and Cydia (Saurik). Saurik clears a percentage of the transaction and it's Saurik you speak to if you want a refund of a paid tweak.

Cydia uses Amazon and Paypal.