What are jailbroken and rooted devices, and what do they mean for fraud? Let's explore implications and best practices for fraud teams.

What is Jailbreak & Root?

Jailbreak is for iOS

What does it mean? Removing software restrictions put into place by Apple on devices that run the iOS operating system

Why do end-users do this?

  • Customize user experience (e.g. non-Apple lock screen)
  • Download unofficial apps
  • Unlock SIM cards in order to use the device with another carrier

Root is for Android

What does it mean? Removing software restrictions put into place by Google, and gaining the ability to replace the entire operating system

Why do end-users do this?

  • Carry features over from one device to another
  • Remove system apps (e.g. from carriers) that typically cannot be uninstalled
  • Unlock SIM cards in order to use the device with another carrier

What Makes Jailbroken and Rooted Devices Risky?

Jailbreak and root processes essentially alter the operating system and its security level. The degree of alteration varies depending on the operating system’s flexibility. The more change that the operating system tolerates, the greater the likelihood that a legitimate app will be vulnerable after a device is jailbroken or rooted.

What is the Difference Between Jailbreaking and Rooting an iOS or Android Mobile Device?

Here is a great analogy that I recently encountered in an article:

“Think of it like the Matrix: jailbreaking is comparable to what Morpheus could do. He could bend the rules of the system to overcome certain restrictions, but was still bound to its rules. Rooting is what Neo could do. Not only could he bend the rules, he could completely break them” - source.

Both Apple and Google continue to tighten restrictions on the ability to jailbreak and root their devices. Google is gradually moving toward Apple’s model by further reducing access levels even for devices that are rooted.

Example of New UI in a Jailbroken Device


Are Jailbroken Devices Bad for Businesses and Enterprises?

Reasons to jailbreak and root devices are not always malicious. With respect to iovation customers, the key issue is the increased risk to our subscribers’ end-users. In order to accommodate features that are not from official sources, users must run software on jailbroken and rooted devices that can significantly lower the devices’ security level.

What Risks Are Associated with Jailbroken and Rooted Devices?

Removing access restrictions for device memory can expose sensitive data. With apps that do not have strong data protection, fraudsters can detect the activation of the app and then monitor memory for login credentials like usernames and passwords.

Users may also mistakenly download malicious apps that exploit security vulnerabilities. Here is one example that we encountered: Fraudsters created apps that capture all incoming SMS messages that include one-time passwords. Financial institutions may send such messages to end-users for second-factor authentication.

As a Business Owner, What Can I Do?

As shown above, account takeover is one of the top risks associated with jailbroken and rooted devices. Evidence suggests that fraudsters don’t commit fraud on the same device where the account credentials were stolen. Rather, the subsequent fraudulent transactions fall into typical ATO behavior. Consider looking for account activities that coincide with jailbroken/rooted status; these may occur together before any anomalous account activities.
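One way to turn that advice into a rule, as an added example that is not iovation's code: flag a sensitive action from a device the account has never used when it follows recent account activity on a jailbroken or rooted device. The event fields, the set of sensitive actions and the 7-day window are assumptions made for this sketch, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real data:
# (timestamp, account, device_id, jailbroken_or_rooted, action)
EVENTS = [
    ("2024-03-01T09:00:00", "alice", "dev-A", True, "login"),
    ("2024-03-02T14:30:00", "alice", "dev-X", False, "payee_added"),
    ("2024-03-01T10:00:00", "bob", "dev-B", False, "login"),
    ("2024-03-05T10:00:00", "bob", "dev-B", False, "transfer"),
    ("2024-03-01T08:00:00", "carol", "dev-C", True, "login"),
    ("2024-03-20T08:00:00", "carol", "dev-Y", False, "transfer"),
    ("2024-03-01T11:00:00", "dave", "dev-D", True, "login"),
    ("2024-03-01T12:00:00", "dave", "dev-D", True, "transfer"),
]

# Assumed set of actions worth reviewing; tune to your own product.
SENSITIVE = {"payee_added", "transfer", "password_change"}


def flag_accounts(events, window=timedelta(days=7)):
    """Return {account: [(exposed_device, new_device, action, time), ...]}."""
    rows = sorted((datetime.fromisoformat(ts), acct, dev, jb, action)
                  for ts, acct, dev, jb, action in events)
    seen = {}      # account -> device ids already observed on it
    exposure = {}  # account -> (time, device) of latest jailbroken/rooted use
    findings = {}
    for ts, acct, dev, jb, action in rows:
        known = seen.setdefault(acct, set())
        last = exposure.get(acct)
        # Sensitive action from a device this account has never used,
        # shortly after the account was active on a jailbroken/rooted device.
        if (last and dev not in known and action in SENSITIVE
                and ts - last[0] <= window):
            findings.setdefault(acct, []).append(
                (last[1], dev, action, ts.isoformat()))
        if jb:
            exposure[acct] = (ts, dev)
        known.add(dev)
    return findings


if __name__ == "__main__":
    for account, hits in flag_accounts(EVENTS).items():
        print(account, hits)
```

With the sample data only alice is flagged: bob never used a jailbroken or rooted device, carol's new-device transfer falls outside the window, and dave's transfer came from the same device he already used.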

There is no one-size-fits-all solution. Your use case and integration point can determine the risk with respect to jailbreaking and rooting. Stay ahead of the bad guys by continuously evaluating user behavior and adjusting your business rules and integrations.

Here at iovation, we are continually improving our fraud detection and prevention solutions to ensure our clients are protected from the latest types of fraud.