We’ve known for a while now that Team Pangu has been teasing a public release for its iOS 10.3.1 jailbreak tool, but if they do have one, why haven’t they released it yet? More to the point, why are they waiting for Apple to release iOS 10.3.2 before releasing their iOS 10.3.1 jailbreak – dubbed Janus – as they have claimed?
There are a couple of angles to consider if we want a plausible explanation for the delay in Pangu releasing this particular JB tool.
First of all is the install base for iOS 10.3.1
Considering the seriousness of the WiFi vulnerability on iOS 10.3, it is reasonable to assume that a large percentage of devices that upgraded to iOS 10.3 have already migrated to iOS 10.3.1.
This is what Apple noted at the release:
Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero
That being the case, a majority of iOS 10.3 devices have already moved up to iOS 10.3.1. Moreover, since this vulnerability was found to affect Broadcom chipsets, and all iPhones after iPhone 4, that’s a huge user base likely to be on iOS 10.3.1 already. And with Apple reporting a record holiday quarter for iPhone sales, that’s tens of millions of brand new devices added to the mix.
However, there have also been several reports of users not being able to upgrade to iOS 10.3.1, per Apple’s support forum. If this is widespread enough, it may have dissuaded a lot of users from upgrading at all, which means they’re still on iOS 10.3 or earlier versions.
Despite that being the case, there is likely to be a large chunk of iOS devices that are on the most current version.
If that’s true, then there’s no reason for Pangu not to release the jailbreak tool right now, instead of waiting for Apple to release iOS 10.3.2.
That’s one angle.
The other angle is iOS 10.3.2 itself
If Pangu is waiting so that it can capture the iOS 10.3.2 user base in addition to iOS 10.3.1, that might a little more sense. In fact, iOS 10.3.2 might well be the last iteration of iOS 10.x before Apple starts to roll out the betas for iOS 11 ahead of launching its flagship iPhone 8 later this year.
So there are two things to consider here.
The first is: why is Pangu not releasing the iOS 10.3.1 jailbreak tool despite there being a presumably large user base current on that version.
Secondly, if they’re waiting for Apple to miss patching the vulnerability on iOS 10.3.2, will Pangu then release the jailbreak whether or not Apple has managed to patch it?
One argument we’re missing here is that even if Apple does find the flaw on its own and patches it in iOS 10.3.2, the iOS 10.3.1 jailbreak that Pangu claims it has will still work for those who don’t upgrade. If Apple doesn’t find and fix the flaw, then Pangu simply captures a larger marketshare for its jailbreak tool.
That last argument might not hold much water, admittedly, because the users currently on iOS 10.3.1 are likely to be the same ones to migrate to iOS 10.3.2 as well, since there aren’t any device restrictions likely to be enforced by Apple. In fact, iOS 10.3.1 was such a big deal, security-wise, that Apple opened up even more devices to the update even though they weren’t on the original eligibility list for iOS 10.3.
That really throws a spanner in the works now, making it very hard to believe that Pangu does, in fact, have a working iOS 10.3.1 jailbreak. The way we see it, there’s really no point sitting on a working jailbreak, waiting for the next release. And if Pangu does not have a JB tool for iOS 10.3.1, there’s no reason for them to tease users with that possibility. It can only hurt the reputation they’ve built thus far in the larger jailbreak community, even though a lot of jailbreak experts aren’t too fond of them.
The big question that comes out of that train of thought is this: Why wait to capture what will essentially be the same base of users moving to the next iOS version?
Somehow, it doesn’t make sense. But we could be wrong. Any real validation will happen after Apple releases iOS 10.3.2, and not before. The rumor mill suggests that this will either be on May 15 or May 22. When that happens, all eyes will be on Pangu and their jailbreak for iOS 10.3.1.