Update for Jailbreak Detection False Positive on iOS 26

This is an update with the latest information about the iOS 26 jailbreak detection false positive. The previous email sent out is below for reference.

We have been able to produce a temporary jailbreak false positive while an iOS 26 device was updating to a newer version. The false positive was triggered during the update process and stopped when the update was complete. It does not reproduce reliably. We cannot confirm this is the widespread jailbreak false positive, but it matches the behavior we see in App Aware data: jailbreak tamper actions spike when a new version of iOS 26 is released, then settle as users move to the latest version. We will continue to investigate and will update our plans if we have any additional findings.

The next EnsureIT release is planned for the week of November 10th and includes:

• A fix for jailbreak detection triggering during an iOS update, as in the reproduction described above.

• A fix for jailbreak detection triggering a tamper action when the device is completely out of storage space. We do not think this is the cause of the iOS 26 false positives.

• Additional App Aware reporting for jailbreak detection technique ID and device model. At the time of release, this data will not be visible in App Aware.

For App Protection for Mobile ARM:

After the EnsureIT release, we will generate new protection dylibs that include the jailbreak detection guard updates described above.

Previous Email sent on October 6th

We have App Aware data and customer reports that suggest there is a low probability of the Jailbreak Detection Guard triggering a tamper action when the device is not jailbroken. We are still working on a reproduction to root cause the issue, but our data suggests the false positive triggers while users are updating to iOS 26 and that the jailbreak detections go away after some time.

As a workaround, we recommend changing the jailbreak detection guard spec so that the jailbreak detection guard is set for every iOS version lower than 26. Currently there are no known jailbreaks for iOS 26 on devices for which Apple supports iOS 26.

For App Protection for Apple Native (EnsureIT) users:

See documentation at: https://docs.digital.ai/appsec-apple/docs/shared/defining-protection/jailbreak-detection-guard#specifying-the-operation-system-versions-that-report-tamper (section “Specifying the Operation System Versions that report tamper”)

You may need to log into https://docs.digital.ai before the full link will work.

The guardspec change can be made by using:

setTamperActionTargetOSRange("", "25.255.255")

For example:

gs.detectJailbreak("jailbreak_detection_1",gs.function("foo").entry()).setTamperAction("fail").setTamperActionTargetOSRange("", "25.255.255");

This will change the behavior such that if a jailbreak is detected on an OS version outside of the specified range, the non-tamper action will be invoked instead of the tamper action. If a jailbreak is detected, it is reported as tamper to App Aware regardless of the device OS version.
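A small model of the range behavior described above, added here as an illustration and not taken from EnsureIT or its documentation. The function names, the inclusive bounds, the numeric per-component version comparison, and the outcome for a non-detection are assumptions; only the `("", "25.255.255")` range and the "reported regardless of OS version" rule come from this notice.

```javascript
// Illustrative model only; not Digital.ai / EnsureIT code.
// Assumptions: versions compare numerically per dotted component, the range
// is inclusive, and an empty bound means "unbounded" on that side.

function parseVersion(v) {
  // "26.0.1" -> [26, 0, 1]; rejects anything that is not dotted decimal.
  if (!/^\d+(\.\d+)*$/.test(v)) throw new Error(`bad version: ${v}`);
  return v.split(".").map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] ?? 0) - (pb[i] ?? 0); // missing components count as 0
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function inTargetRange(osVersion, min, max) {
  if (min !== "" && compareVersions(osVersion, min) < 0) return false;
  if (max !== "" && compareVersions(osVersion, max) > 0) return false;
  return true;
}

// Models the outcome of one guard invocation with the workaround range.
function guardOutcome(osVersion, jailbreakDetected, min = "", max = "25.255.255") {
  // Assumption: with no detection, the non-tamper action runs and nothing is reported.
  if (!jailbreakDetected) return { action: "non-tamper", reportedAsTamper: false };
  return {
    action: inTargetRange(osVersion, min, max) ? "tamper" : "non-tamper",
    reportedAsTamper: true, // reported to App Aware regardless of OS version
  };
}

// Constructed sample OS versions, each with a (true or false) positive detection.
for (const v of ["9.3.5", "18.6", "25.255.255", "26.0", "26.0.1"]) {
  console.log(v, guardOutcome(v, true));
}
```

In this model a detection on iOS 26 no longer runs the tamper action but still appears as tamper in App Aware, so the spike described in this notice stays visible in reporting after the workaround is applied.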

For App Protection for Mobile ARM (GuardIT) users:

The jailbreak detection behavior is currently built into the pre-generated protection library that we provide. We are creating new protection libraries that have the changes described above and we can provide them through a request to the support portal.

Please reach out through the support portal if you have any questions.
