One weekend, one million jailbreakers – what should Apple do next?

One weekend, one million jailbreakers - what should Apple do next?

Last weekend, the loosely-knit coding collective known as Chronic Dev tweeted about the latest jailbreak tool for Apple’s iDevices:

@chronicdevteam: Some stats since release of #Absinthe - 211,401 jailbroken iPad3's and 973,086 devices newly jailbroken!

Exciting news. (Exciting enough that I scarcely noticed, and almost forbore from mentioning, the misplaced apostrophe in the word iPad3s. Since no letter has been omitted, there’s no place for an apostrophe.)

It’s exciting not because there’s a jailbreak for current devices running the current version of iOS. That’s been possible for some time, as we reported nearly a month ago, back when iOS 5.1.1 first came out.

It’s exciting because this is an untethered jailbreak. In jailbreak jargon, that means that your device retains its liberty even if you reboot it, and can freely be rebooted without plugging it into your PC or Mac first. The “tether” refers to the umbilical USB cord by which you physically interconnect your iDevice and your computer.

It’s also exciting, or at least interesting and important, because the Absinthe untethered jailbreak tool was only released to the public two days before the abovementioned tweet.

Clearly, despite being banned by Apple, jailbreaking is considered useful by a small but significant minority of iDevice users.

And that raises the $64,000 security question, “Should you do it?”

The problem is that there’s no simple answer to that question. Should you buy a pick-up truck or a sedan? A 32″ or a 40″ TV? A fridge-freezer with the freezer compartment at the top or the bottom? Should you say tomayto or tomarto?

If you’re a sysadmin struggling with your organisation’s Bring Your Own Device (BYOD) policy, you’ll probably, and understandably, start off with a blanket ban on access to corporate resources from jailbroken devices.

There is more to go wrong – to be sure, the only successful self-replicating malware (i.e. true virus) for the iPhone, Ikee, relied on finding devices which had been jailbroken but not properly secured afterwards.

On the other hand, well-informed users who have jailbroken their devices needn’t be less secure, and may even end up better off than those who haven’t.

The jailbreaking community has a habit of offering security patches for the holes it found and rode in on, even for older iDevices which Apple itself is happy to leave out in the security wilderness.

Indeed, Apple won’t let anyone – not even well-known and trusted security companies – write software which runs outside iOS’s strictly-walled garden, and won’t officially allow anyone to offer iOS software for download or update outside its own marketplace.

So, although you can buy The World’s Most Popular Digital Fart Machine directly from Apple’s website, you can’t even build, let alone distribute, a proper, preventative anti-virus solution for your iPhone or your iPad.

There’s no Apple-endorsed way for ISVs (independent software vendors) to research, develop and publish low-level security add-ons such as kernel drivers.

In short, independent security innovation for iDevices is pretty much off the agenda – except in the jailbreaking community.

Ironic? I think so.

For me, the question isn’t whether jailbreaking should be legal. (I simply can’t think of a way to argue that jailbreaking could reasonably be made unlawful, so for me this question ought not even to arise.)

It’s whether or not Apple would benefit both the community and itself by offering an official route to jailbreaking – a route which could form the basis of independent invention and innovation in iDevice security by an interested minority.

What do you think? Vote in our poll: