In a white paper Orasi recently published on its website, our mobile team dug into the question of using jailbroken devices and the risks this approach poses for mobile software testers. We thought it would be interesting to explore these issues here, as well.
Jailbreaking is a term that has always had negative connotations for the world as a whole, conjuring up images of handmade files and saws, tunneled passageways, and bloodhounds barking in the night. In the software world, the mechanisms for jailbreaking are different, of course, and many testers’ attitudes towards the concept are far less critical. However, that doesn’t mean jailbreaking is a sound―or even legal―practice in testing.
For those who are unfamiliar with jailbreaking, it involves thwarting technological protection measures instituted by Apple, using various exploits to gain root access to the iOS operating system. Once the device OS has been compromised, users can download unsupported applications, extensions and themes―those which are not available through the protected Apple App Store. (A related approach for Android is “rooting” the device. Although Android devices run on open OSs and their bootloaders are usually not locked against OS modifications, the concept of conferring “super user” powers to the owner of the compromised device is still relevant here.)
Despite the questionable nature of the activity, many testers jailbreak their devices or acquire those that are already jailbroken. There are a handful of tests (such as track-based tests) that are prohibitively expensive to perform without using jailbroken devices. However, many reputable automation tools no longer require jailbreaking and there are workarounds for the vast majority of tests, alleviating the need to use jailbroken devices. We recommend testers use jailbroken devices only when there is no other viable alternative―and that the use of these devices be limited specifically to those tests.
With a little ingenuity, many companies can accomplish most testing goals through manual or automated testing and avoid jailbroken devices completely. Given that jailbroken devices are more susceptible to being attacked by malware, they are no longer covered by the Apple warranty and they are more likely to malfunction, the cost of using jailbroken devices may outweigh the benefits. Furthermore, software unsupported by the Apple store is more likely to leak location and other information, so testers should be very circumspect about any unsupported (by Apple) software they download. Once jailbroken, devices should not be relied upon for anything but testing, which makes them even more expensive to use.
Like a real-world prisoner, you may perform a jailbreak and get away with it initially, and things may appear to be fine. However, problems with the device can crop up, sooner or later, that will render it essentially worthless and expose the device’s users to malicious exploits and other nasties. To read our white paper on jailbreaking and learn more about its dangers (and best practices, should you use the approach), please visit our Resource Library and register to receive a free copy.
Joe Schulz, Area Vice President of Mobile Testing at Orasi Software