Jailbroken devices and 3rd party secret keys in mobile devices
A Cybr member reached out the other day via email with some questions that I felt would be interesting and helpful to others as well. So with his permission, I’m posting them here, anonymized and with details stripped out.
I’ve been working on a mobile application and have a few questions.
- Is it safe to allow users with jailbroken devices to access the app? Is it safe for the users?
- Is it safe for 3rd party secret keys that we store in the app? Like integration keys that use SDKs? How can we protect those keys from things like reverse engineering attacks?
- Wouldn’t allowing jailbroken devices to use the app circumvent a lot of our security controls and expose things like those keys?