[jzdziarski]

My response:
http://zdziarski.com...aksecurity.html

[DogHouseDub]

to be fair, I did install an app through Cydia that Rick Roll'd my iPhone... it made me feel VERY insecure...

[robogobo]

Soon we'll be seeing pictures of Batboy and UFO sightings on the front page. This is crap without citing evidence.

[krizoitz]

LOL. Gotta love all the people falling all over themselves to try and defend jailbreaking. Of course your phone will be less safe if its jailbroken. That doesn't mean it will immediately become host to a million viruses, but its true that you are removing safeguards that Apple has put in place. Its a trade off. You have less restrictions, and you have less security, I really don't see whats so controversial about such an obvious and true statement.

[plugtwo]

Another security concern not mentioned in the article: Once you have jailbroken your phone, it's very inconvenient to upgrade to new Apple firmware. Often it's not even possible until the jailbreak dev team has released new utility software. This means that if Apple were to publish a OS point release including a critical security fix (for example the critical SMS flaw reported today), jailbroken phones may not be patched in a timely fashion (or at all out of fear of losing the ability to jailbreak). Interested to hear what people more knowledgeable about jailbreak have to say about this.

[Chris Breen]

plugtwo said:

>Often it's not even possible until the jailbreak dev team has released new utility software. This means that if Apple were to publish a OS point release including a critical security fix (for example the critical SMS flaw reported today), jailbroken phones may not be patched in a timely fashion (or at all out of fear of losing the ability to jailbreak). Interested to hear what people more knowledgeable about jailbreak have to say about this.

This is a valid point. Couple of things about it.

My guess is that those who jailbreak their phones know what they're getting into. Certainly not all are uber-geeks but they're likely to have a better appreciation of what they're getting into than the typical iPhone owner. Given that, they'd likely be careful about where and how they get their software (and understand the risks of opening their phones in that way).

Also, the people who develop the tools for jailbreaking iPhones are pretty speedy. It took no more than a week for them to ship a jailbreak for the 3.0 software. So I don't think there should be a ton of concern about jailbroken phones not being patched in a timely fashion. Those who follow this stuff have a pretty good idea of when the latest jailbreak is available.

[sterlingz]

This is exactly why I would like to have my original iPhone 2G officially unlocked by Apple or AT&T, and why they are not valuing their customers by failing to do so at the end of two year contracts.

I went to the AT&T store today to see if get my wife's original iPhone 2G unlocked, now that she has completed her two year contract (we purchased at launch) with AT&T. My plan is to use the original 2G with other SIM cards when I travel overseas so I can have a local number, while using my new 3GS sparingly to avoid roaming charges. AT&T claims that they can't do it, that only Apple can handle it because of their activation servers keeping track of each IMEI.

I called Apple, to see what I could do. I started at the Apple Store, and was bounced over to AppleCare, and escalated up to a product specialist, who says that they are unable to unlock phones due to AT&T's policies. They don't have any solution for this, because the phone was "only designed to work on AT&T's network," which is of course, complete and total BS. Meanwhile, I had reps at both AT&T and at the Apple Store tell me to just "Google an unlock solution and do it myself."

This is outrageous. We paid $500 for the phone (unsubsidized), and over $1400 in fees over the life of the life of the two year contract. We've paid our dues. I shouldn't have to jailbreak just to have the phone unlocked at this point. Apple and AT&T need to get a better, fairer policy in place pronto. I can understand having a hard and fast policy regarding unlocked phones under contract, but this is no way to treat customers who have honored their obligations.

The whole thing leaves an extremely bad taste in my mouth. I'm still in the 30 day evaluation period for my 3GS. I'm inclined to send it back, cancel my contract with AT&T, and buy an official unlocked iPhone from Europe to use on T-Mobile. I am completely disgusted by AT&T's disregard for their paying customers, and disappointed that Apple chose them as a partner. I look forward to seeing them branch out to other carriers in the US.

[djgamble]

MacWorld has a vendetta against the jailbreaking community or something? WTF's with this?
Last week we had that article saying "it's not worth it unless you're a pirate or want to view porn..."
This week we get people saying it's less secure!!! It's actually MORE secure because the Jailbreak fixes the security vulnerability that allows you to Jailbreak!!!!!
What do you guys have against Jailbreaking? Get over it!!

[microfud]

I'm not going to sit here and type that this guy is wrong. But I think it's a little hyperventilated.
It's not like I'm downloading every jailbreak app ever written. I use mine jailbroken 3G phone to watch my slingplayer app on the 3G network. I also use it to record video, which Apple unhelpfully disabled on the 3G phone.
So, unless someone put malicious code on one of the exploits used for these apps/services, it's kind of a moot point (for me at least).

[Chris Breen]

djgamble said:

> What do you guys have against Jailbreaking? Get over it!!

Different authors have different opinions so it's not fair to suggest that Macworld as a publication has something against jaillbreaking. Rob Griffiths and I have written extensively about jailbreaking and its benefits, for example.

That said, there are arguments to be made about security. I only wish that this particular article had been a little more balanced about the true risks.

[Slapper]

This whole thing is definitely propaganda. Even the main editors of this site make hackintosh computers and do other weird things apple probably has a problem with. Im sure they are also in favor of jail-broken iphones. Its strange to see an article like this that MIRRORS lame arguments brought up by Apple & ATT. . . . .

[rab777hp]

this is the best jailbreak ever:

http://bit.ly/S8R0H

lol

[sEaMoNkeY]

[quote name='Chris Breen']
>

Moebius said:

>The act of code signing allows Apple to verify the source of the application. When apps are not signed, noone knows who developed the application. This anonymity is what malicious developers thrive on to spread their code.

Hmm, somehow I've managed to download countless unsigned applications to my Macintosh and yet it continues to grow and thrive. The point is that if you're unsure of a source -- regardless if it's stuff for your iPhone or Mac -- don't touch it. As someone else mentioned, I've yet to see anything on Cydia that's a problem.

Thank you, Chris. I couldn't have said it better myself.

[Golf11]

@Chris Breen: What are the risk that were not really discussed in this article?