Judging by the delay in Apple releasing iOS 10.3.2, it would appear that Team Pangu’s iOS 10.3.1 jailbreak is actually part of a scheme by Apple to put the squeeze on jailbreakers and the jailbreaking community as a whole. There are several clues that lead to this assumption, which we’ll be exploring today.
#1There is no need for Pangu iOS 10.3.1 jailbreak to be held back until iOS 10.3.2 is released to the public
In an earlier article, we argued that Apple and Pangu were at odds, trying to outdo each other like the cartoon characters Tom and Jerry. But the more we thought about it, the clearer it became that Apple was the one controlling the outcome of this game. There is no conceivable reason why Apple would hold back iOS 10.3.2 unless they have a very good reason. And that reason, we believe, is to attempt to wipe out any future potential for jailbreaking.
#2 Pangu is actually part of Apple’s Bug Bounty Program
On August 4, 2016, Apple launched its bug bounty program at Black Hat 2016, no less. For years Apple has frustrated security researchers, but the company’s head of security engineering and architecture, Ivan Krstic, spoke to attendees of Black Hat, and this is what was reported by TechCrunch at the time:
“While security has been a crucial part of its corporate narrative, Apple has quietly refused to pay for bug reports, at times frustrating security researchers who found it difficult to report flaws to the company. That changed today, as Apple’s head of security engineering and architecture, Ivan Krstic, announced to Black Hat attendees that Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products.
Krstic’s announcement is part of Apple’s ongoing work to shed some of the secrecy around its security architecture and open up to the community of hackers, researchers and cryptographers who want to help improve its security. Even Krstic’s talk at Black Hat, which also covered the security features of HomeKit, AutoUnlock, and iCloud Keychain, is somewhat unusual for Apple.”
Since Apple opening itself up to collaboration with security researchers, several of them have moved from releasing jailbreaks to reporting flaws directly to Apple. $200,000 is a lot of money, and if Apple dangled something like that in front of Team Pangu – possibly even more – there’s no reason Pangu would not consider that offer very seriously.
#3 This is where the story could be taking a more sinister twist
Now, consider this assumed scenario: What if Apple has, in fact, made such an offer after learning of Pangu’s iOS 10.3.1 jailbreak? It’s easy enough for Apple to get Pangu to lure people into upgrading to iOS 10.3.1 by tempting them with an iOS 10.3.1 jailbreak. This also means users won’t be able to downgrade back to iOS 10.3 unless they saved their blobs, since Apple has already stopped signing that version after the release of iOS 10.3.1 on April 3, 2017. And what would be the point of downgrading to iOS 10.3 anyway?
#4 If our assumption is correct, then this might be happening
Assuming our hunch is right, and Apple is using Pangu to lure users to iOS 10.3.1 with a jailbreak, the next thing that will happen is that once the iOS 10.3.1 user base (device install base) reaches a critical mass predefined by Apple, the company will immediately release iOS 10.3.2 and stop signing iOS 10.3.1 within a week.
#5 And then, this might happen
Once iOS 10.3.2 is out, Pangu might once again tease iOS users with its iOS 10.3.1 jailbreak tool while Apple is still signing it. But after that, we believe they’re going to just fade away into the sunset without actually releasing the jailbreak tool, and after collecting a hefty fee from Apple for their work.
At that point, the majority of iOS users will be on iOS 10.3.1, there will be no jailbreak, and the only upgrade option will be iOS 10.3.2, which will have had the flaw patched so the elusive iOS 10.3.1 jailbreak exploit will be useless even if someone else tries to use it on iOS 10.3.2.
Apple – 1: Jailbreakers – 0
And GAME OVER for the jailbreak community, with no iOS 10.3.1 jailbreak
Is this how it will play out? It’s definitely possible that Apple has orchestrated it this way, because we see no other reason for Pangu to remain silent and not provide any information other than what they teased the jailbreak community with a few weeks ago.
After this promised jailbreak, there are likely going to be no more attempts. Most of the big names have already quit the game, some joining Apple because of the money they’re offering, and others simply calling it a day.
But it is not GAME OVER for Apple on the security front.
What they’re doing now with migrating the iOS ecosystem to 64-bit apps will also play a part in this. Older jailbroken devices will slowly lose support for some of the more popular tweaked 32-bit apps they currently have, and 64-bit apps will no longer run on jailbroken devices.
In fact, it could kill the Cydia app ecosystem, because devs will only keep updating their apps or developing new ones as long as there are fresh jailbreaks coming through and enough numbers of users downloading or regularly updating their apps.
In a few years, only very old Apple devices will be jailbroken, and the apps ecosystem for those will eventually die out because no new jailbreaks will be made available. By 2020, Apple could force jailbreaking to become a distant memory survived by reports of what once was, and a Wikipedia page as its only epitaph.
It’s a very dark and dismal scenario, I know, but I don’t see it playing out any other way at this point. I hope to God I’m wrong, but something tells me I might be spot on.
I’d love to hear your thoughts on this. Please feel free to comment.