# 06. Jailbreak Detection & Runtime Security

meta:
  id: ios-production-06
  feature: ios-production
  priority: P2
  depends_on: []
  tags: [security, hardening, production]

objective:
- Implement jailbreak detection and runtime security measures to protect the app on compromised devices

deliverables:
- Jailbreak detection implementation
- Runtime integrity checks
- Anti-tampering measures
- Secure enclave usage for sensitive operations

steps:
1. Implement jailbreak detection:
   - Check for common jailbreak files (/Applications/Cydia.app, etc.)
   - Check if app can write outside sandbox
   - Check for suspicious dylibs
   - Use multiple detection methods for robustness
   - Add to APIClient or AppDelegate
2. Define jailbreak response:
   - Option A: Block app usage with warning
   - Option B: Degrade functionality (no biometric, no payments)
   - Option C: Log and alert backend
   - Recommended: Option B + alert backend
3. Implement runtime integrity checks:
   - Verify code signature at runtime
   - Detect debugger attachment
   - Detect code injection attempts
   - Verify method swizzling hasn't occurred
4. Use Secure Enclave:
   - Store encryption keys in Secure Enclave
   - Use biometrics via LocalAuthentication framework
   - Protect keychain items with biometry constraint
5. Add anti-tampering:
   - Obfuscate sensitive strings (API endpoints, keys)
   - Verify bundle identifier hasn't changed
   - Check for binary modification
6. Implement backend alerting:
   - Send jailbreak detection event to backend
   - Include device info (non-identifiable)
   - Flag account for additional monitoring

tests:
- Unit: Test detection logic with mock jailbreak indicators
- Integration: Test on jailbroken device (if available)
- Security: Verify debugger detection works

acceptance_criteria:
- Jailbreak detection active with multiple methods
- App degrades gracefully on detected jailbreak
- Backend receives alert when jailbreak detected
- Secure Enclave used for key storage
- Debugger attachment detected and handled
- Runtime integrity checks active
- Sensitive strings obfuscated in binary
- No false positives on non-jailbroken devices

validation:
- Run on normal device → no jailbreak detected, full functionality
- Run on jailbroken device → degraded mode activated
- Attach debugger → app detects and responds
- Check backend logs → jailbreak events received

notes:
- Jailbreak detection is cat-and-mouse — don't rely on it exclusively
- Apple may reject apps that overly aggressively block jailbroken devices
- Degradation is safer than blocking (better user experience)
- Use Swift string obfuscation libraries for sensitive data