In today's video we're analyzing something pretty interesting that was pointed out to me by a guy on Twitter who was curious about it: yet another iOS 10.2.1 Jailbreak IPA. Obviously fake, but possibly dangerous. The reason I am making this video is that if this guy found it and was curious to know if it really is a Jailbreak, others might do the same, and if it happens to be malware and there is no one to raise awareness, there will be casualties.
The IPA is called HostzSpring, and I've managed to track it down to a Twitter account that pretends to be a "Solo iOS Hacker" involved in "Jailbreaks". As a simple test is usually worth 100 hours of static analysis, I decided to load the IPA on my Test Device to see its behavior, and boy, was I surprised. The Application seems to trigger some kind of background process that ACTUALLY RESPRINGS the test device. What is strange is that even if I close the application, a few seconds later my device will still respring. From what I know, you can't respring a non-jailbroken device, at least not from such a poorly made app, as the developer clearly has no idea how Xcode screen constraints work, by the looks of the app. This is where my interest was piqued and I decided to take the IPA to bits.
All in all, this could be a very dangerous IPA masked as a fake Jailbreak, so I would recommend that, if you come across it, you do NOT install it on your main device. For some reason the app seems to have good Notification Center integration, which really makes it the next-level app among the fake Jailbreaks. For security reasons, I will not link to that IPA; I care about your security and I hope you do too.