What are you looking for?

Malware menaces iOS jailbreakers

We are taught throughout our lives to be wary of strangers and not to trust information or products from unknown sources. In the majority of cases, people who jailbreak their devices will be tech savvy enough to take precautions with downloads. For some people though, the appeal of getting completely ‘free’ apps means that they blindly download interesting looking apps and ‘take a risk’.

Every month, a study is released citing malware hitting iOS, Android and other platform users. Whilst the threat can be very real for Android users, delving into the reports tends to reveal that the threat to iOS users relates to those who jailbreak their devices.

This most recent attack, dubbed Unfold Baby Panda, sees the system stealing Apple ID credentials from jailbroken iPhones and iPads. The code only works on 32-bit versions of jailbroken iOS devices so the iPhone 5S, iPad Mini 2 and iPad Air aren’t affected.

Of course, there is always a certain amount of risk with jailbreaking devices. If you choose to play outside the garden walls, you accept that you might get injured or stung. This has always been the case with iOS users.

We are taught throughout our lives to be wary of strangers and not to trust information or products from unknown sources. In the majority of cases, people who jailbreak their devices will be tech savvy enough to take precautions with downloads. For some people though, the appeal of getting completely ‘free’ apps means that they blindly download interesting looking apps and ‘take a risk’.

Free in the technology world often means that someone, somewhere is making money from you. With Facebook, the user is the product. The same is true for Google. The return for a free service is advertisers being able to target users with greater accuracy based on data and insight. For jailbroken devices, the free may well mean that an app is going to collect information to sell on.

This same problem is one that Google battles with on Android. As an open platform, without the same level of approvals that go into Apple’s iOS, there have been countless stories about malware code being hidden in malicious apps that try to siphon off data about the user. Again with stories about Android, we often find that it closely relates to third party app stores or untrusted sources trying to look legitimate.

Threats and dangers will always be out there, but here are some tips for staying safe:

  1. Trust the source: If the app is being distributed through an unknown App Store or even a website, the chances are that it probably shouldn’t be trusted.
  2. Check the reviews: If the reviews are less than shining then it’s a clue that all may not be as it seems. On the other hand, if the reviews seem to be too good to be true, they probably are. If the developer can write malicious code, then they can they can probably populate a review field with fake reviews.
  3. Check the permissions: What is the app trying to access on your device? If the app is asking to access too much without expaining why, question why it might need access to these areas.
  4. Know the cost: If an app costs money, the developer is getting some revenue that way. If it’s free, you have to accept ads or the fact that you are the product and the information you provide will be sold on in one way or another. Of course, this doesn’t always apply, but it’s important to remember that someone, somewhere will be benefitting from you.
  5. Play by the rules: Breaking the rules can be fun, but as with in life, if you break free of that, there can be consequences to pay. Playing by the rules and staying in the controlled app stores will mean that a trusted provider (the people who make your phone software, and maybe even your phone) are checking apps for you. Sometimes apps will be more expensive, or they may not have all the choices, but that’s the trade off you get for not having your phone compromised and all your data gone.

If you would like more information please get in touch alternatively:

Contact Mubaloo by phone +44 (0)203 327 8333 or email

  • Deloitte Tech Fast 50 winner 2014
  • Appsters winner for best use of API 2014
  • Ranked as the top app developer outside of the US by research firm Clutch
  • UXUK Winner 2014
  • footer-TRW
  • Mubaloo innovation lab
  • footer-Mubaloo

Company registration number: 0‌6770774.

Registered address: Mubaloo, 3 Grosvenor Gardens, London, SW1W 0BD