Slashdot Mirror
Apple Releases Patch For Evasi0n Jailbreak (After It's Used 18 Million Times)
Sparrowvsrevolution writes "Apple has released a new update for iOS that prevents the jailbreak evasi0n released last month. But that hacking tool has already become the most popular jailbreak ever: It's been used to remove the software restrictions on 18.2 million devices in the 43 days between its release and the patch, according to data from Cydia, the app store for jailbroken devices. In its announcement of the update, Apple says it has fixed six bugs and was polite enough to credit the hackers behind evasi0n with finding four of them. At least one of the bugs used by evasi0n remains unpatched, according to David Wang, one of evasi0n's creators. And Wang says that he and his fellow hackers still have bugs in reserve for a new jailbreak, although they plan to keep them secret until the next major release."
It's called Android...
How are they going to produce jailbreaks if they report it?
It would be irresponsible of them to deliberately collaborate with restricting user freedoms.
Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
I hate it when people cry foul when Apple patches a jailbreak method. I find visiting a web page or opening a PDF that can root your device then automatically installs binaries and run them without user intervention that has full access to your whole phone quite worrying.
I do wonder if someone has maliciously used a jailbreak methods on their own web site, installing binaries remotely without the user knowing, and then taking data. How do you find out if this has happened?
They'll just say, that everything's fine the way it is and noone need to actually be in control of the device they're using. In most cases in seems that iDevices are smarter than their owners anyway, so it just might be better for them if the device is in charge.
This would clearly be the case if Apple did not insist on locking down devices in ways the consumers don't want. If there were, say, a menu option for "allow installation from unknown sources", there would be no excuse for sitting on bugs. As it is now, it is muddier: On the one hand, it is a security flaw that should be patched. On the other hand, it is a way to ensure that they can keep using their hardware in the way they want to.
Of course, the easy way around the dilemma would be to insist on only paying money for hardware you actually own, not quasi-lease, which is the only option Apple wants for iOS hardware.
This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.
If they didn't know what people wanted I'm assuming they wouldn't be selling so well.
They did.
The security flaws were hurting iOS users, so they reported them using their tool.
The reason security flaws are reported is in order to protect the users, not the vendor.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
" in ways the consumers don't want." Ah, but the majority of the users want it (me included).
I think its great arrangement, those who wan't to hack jailbreak (and provide free bug hunts for Apple) and those who don't just use the device as is.
Its apple tart! http://en.wikipedia.org/wiki/Apple_pie Not Appletard, that not even a word.You Slashtard!
Well look at this from another view point, even if they told apple, ATM takes apple 1.5-2months to fix flaws as it is.
I thought it was only unlocking a phone to use it on any carrier that recently became "illegal" due to a change at the library of congress.
IIRC there was a court case or some legislative action a year or 2 ago that made it illegal for manufacturers to stop people from jailbreaking their phones.
How is Apple geting around this, assuming I'm not misinformed? If they are just "fixing bugs" they should have the "Allow apps from anywhere" option that sFurbo mentioned above long ago!
This is written on a MacBook but I have less love for Apple every day. It's like an old marriage that's jumped the shark.
Less *is* more.
The exploit used by evasi0n to gain root is a missing permissions check in USB backup/restore.
So unless your web page or PDF somehow magically plugs a iPhone into a properly prepared host... nope.
How are they going to produce jailbreaks if they report it?
It would be irresponsible of them to deliberately collaborate with restricting user freedoms.
I don't care about jailbreaks, I'm not going to install one anyway. Ever. I do care about security flaws in the operating system that is installed on hundreds of millions of devices.
It's plenty flexible enough for me without jailbreaking. I can compile and install my own apps without going through the store. You just have to have a developer account (which is not very expensive).
When *I* pay $700 for a phone, it will be used the way *I* want to use it, not the way the company I bought it from recommends. Shit, they go beyond simple recommendation, they FORCE me to use it their way. Kudos to the jailbreaking teams around the world for giving me what the company that sold me the product failed to give me.....freedom.
It's pretty simple, really. If you are that concerned about their security flaws, then upgrade. As a developer myself, I can guarantee you that there are more bugs/flaws that have not been addressed. If not, or you wish to handle YOUR device's security yourself, like I do, stick with a version of iOS >=6.1.2.
In my opinion, jailbreaking is worth it simply to run the iBlacklist app, if nothing else. That, and the ability to block the never ending onslaught of ads that are eating up my "unlimited" data plan. Like I stated, it is MY fucking phone. If I do not want to be bothered by telemarketers, politicians trying to solicit money, debt collectors (who mainly call my number because it is still linked to whoever's number this was before I had it, and didn't bother to update their database when I politely explained, the first 100 times, that this is no longer Alejandra Gomez's number), and anyone else I deem worthy of my shitlist, I should have that ability, because neither Apple, nor my carrier provide me with it.
And, to whoever posted it, jailbreaking is NOT illegal. Unlocking is currently (in the US), but the Obama squad is on that.....supposedly.
Bullshit. Most users are perfectly happy with the device. A few - very few, though vocal on this site - wants to do something they were never promised, and those few put the majority in danger. Granted, chances are, the flaws would not be know currently otherwise, but sitting on a flaw for your egoistical reasons is a bad reason.
This would clearly be the case if Apple did not insist on locking down devices in ways the consumers don't want. If there were, say, a menu option for "allow installation from unknown sources", there would be no excuse for sitting on bugs.
Have you looked into ad-hoc and enterprise deployment of apps on iOS? Both of those allow installation from unknown sources (actually, any URL on the internet).
Sure, the binary still has to be signed by a certificate that has been signed by Apple, and Apple maintains a blacklist of revoked certificates, but if you sign up for a developer account (dirt cheap compared to your monthly phone bill) there is nothing stopping you from deploying your own apps on your own device.
You don't even need to have the source code for the app you're deploying, you can sign any binary with your certificate and install it.
I hate it when people cry foul when Apple patches a jailbreak method. I find visiting a web page or opening a PDF that can root your device then automatically installs binaries and run them without user intervention that has full access to your whole phone quite worrying.
At least with the iPhone and other Apple devices, all but the original tiff bug for jailbreakme.com have required installing a jailbreaking software package and cabling the device to your computer in order to accomplish the jailbreak.
You can get malicious software through the approves install channels very rarely (Apple generally disallows PhoneGap type software, which requires a captive custom UIView in order to cause problems via DNS redirection), so you mostly see malicious software in places where the markets consist of "install any software from an untrusted source after it has been downloaded from a trusted source, and then trojaned". In other words, typically Asian Warez sites that claim to let you download iApps that would normally have a higher price tag if you got them through the App store.
I have seen a lot more malware coming out on Android platform devices through nominally legitimate channels, since anyone can sign an app and run their own App store for Android. So the walled garden you are admiring in Apple is somewhat helpful in one way, but typically very harmful in others, in terms of editorial content.
Philosophically, jailbreaking should be, and should remain legal. Minimally: I paid for the atoms in that phone, and those atoms will damn well do what I tell them to without intermediation by a third party who has no business telling me what to do with my atoms.
This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.
If they didn't know what people wanted I'm assuming they wouldn't be selling so well.
If people were happy with their devices being locked up and restricted I'm assuming 18 million of them wouldn't have used this jailbreak in a little over a month. That number seems like it includes a lot more than just geeks and hobbyists.
This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.
If they didn't know what people wanted I'm assuming they wouldn't be selling so well.
Apple obviously doesn't know what at least 18 million, 200,000 of their customers want.
The flaws are "fixed" enough already. If you were to even try to touch any of my hardware (phone, computer, laptops, anything), your arm will be broken in multiple places long before you have the chance to perform a local privilege escalation exploit :P
I mean you act like this is a bug in a network daemon or something!
Fuck no.
For fucking millionth time, the only way to not deliberately collaborate with restricting user freedoms is to not fucking buy the restricted stuff in the first place.
You buy DRM'ed shit - you give the DRM producer money. The fact that you intend to use hacks to circumvent the DRM later only sends a clear message: "We're doing fine, we just need to clamp down on them hackers harder".
This is not fighting for freedom, this is entitlement complex. I could somewhat understand looking to break DRM when non-DRM media in some class is nonexistent or virtually nonexistent - like in DVD video case, but not in cases like smartphones or, say, videogames. You're not entitled to it. Just say "fuck you" to them and their shiny toys and go play elsewhere - the playground is huge and alternatives are plenty.
Stop buying their products!
I do care about security flaws in the operating system that is installed on hundreds of millions of devices.
As far as I can tell, every flaw they "use" is tethered, and there's never been malware that used any of them. The only way they decrease the security of your device is if you manually jailbreak it, which is not an accidental process, then manually install malware. If you are so sure you'll never jailbreak your device, then you are sure you'll never be attacked through those iOS bugs.
Learn to love Alaska
I jailbroke my idevices because the ones I have can't be unlocked any other way. It was just the carrier locking I wanted around.
Learn to love Alaska
there's never been malware that used any of them.
That you know of.
You don't actually need to jailbreak an Android phone, they are already jailbroken. You just go and press a button to allow applications from sources other than the Google Play store. It will warn you that you may face hacking, doom, whatever but it will then allow you to install applications from any source you like. You can download them off the web, you can get other application stores, like Amazon's, whatever you want. Rooting is if you want full control of your device. You are right that some devices are very locked down and hard to root. However it really isn't comparable, since they are all more or less jailbroken.
The main reason to jailbreak iPhone is to get access to non-Apple applications. That is just not necessary on Android.
This wouldn't be needed had Apple not been Apple. You know the whole "we know better than you what you want" motto.
If they didn't know what people wanted I'm assuming they wouldn't be selling so well.
Apple obviously doesn't know what at least 18 million, 200,000 of their customers want.
The install base of iOS is 300 million plus. Also, how many of those 18 million, 200.000 are unique device jailbreaks and how many are dupes? It seems to me that most iOS users don't bother to jailbreak. Those 18 million are certainly not many enough to force Apple to and abandon jailing.
I do wonder if someone has maliciously used a jailbreak methods on their own web site, installing binaries remotely without the user knowing, and then taking data. How do you find out if this has happened?
The exploit used by evasi0n to gain root is a missing permissions check in USB backup/restore. So unless your web page or PDF somehow magically plugs a iPhone into a properly prepared host... nope.
I'm pretty sure you can root iOS (or any other mobile OS) using vulnerabilities that do not require the device to be USB connected so his point still stands.
Cracking the Apple TV 3? I can not believe that that platform is completely secured from hackers.
Do not look at laser with remaining good eye.
The install base of iOS is 300 million plus. Also, how many of those 18 million, 200.000 are unique device jailbreaks and how many are dupes? It seems to me that most iOS users don't bother to jailbreak. Those 18 million are certainly not many enough to force Apple to and abandon jailing.
18 million people sought out and used the jailbreak, that's significant because this isn't something they can just go get at the app store.
For every one of those 18 million how many others do you think didn't because they didn't want to void their warranties? Or they (rightfully) didn't want to risk installing malware or bricking their phone by blindly installing some hack from an unknown 3rd party? Or they didn't feel comfortable or technically competent enough to mess with the core software of their device?
And then consider all of the people who would have used the jailbreak but simply didn't learn about it during the 6 weeks of its existence.
You don't actually need to jailbreak an Android phone, they are already jailbroken. You just go and press a button to allow applications from sources other than the Google Play store. It will warn you that you may face hacking, doom, whatever but it will then allow you to install applications from any source you like. You can download them off the web, you can get other application stores, like Amazon's, whatever you want. Rooting is if you want full control of your device. You are right that some devices are very locked down and hard to root. However it really isn't comparable, since they are all more or less jailbroken.
The main reason to jailbreak iPhone is to get access to non-Apple applications. That is just not necessary on Android.
What are you doing here? The main reason for /. nerds to get root access to iOS or Android is to do nerdy stuff like tinker around with the OS and even replace the OS entirely. I suspect that's what he was talking about.
Then they should fix those, instead of the ones that can only be used if you already have physical access to the phone.
That's a benefit, not a burden.
The install base of iOS is 300 million plus. Also, how many of those 18 million, 200.000 are unique device jailbreaks and how many are dupes? It seems to me that most iOS users don't bother to jailbreak. Those 18 million are certainly not many enough to force Apple to and abandon jailing.
18 million people sought out and used the jailbreak, that's significant because this isn't something they can just go get at the app store.
For every one of those 18 million how many others do you think didn't because they didn't want to void their warranties? Or they (rightfully) didn't want to risk installing malware or bricking their phone by blindly installing some hack from an unknown 3rd party? Or they didn't feel comfortable or technically competent enough to mess with the core software of their device?
And then consider all of the people who would have used the jailbreak but simply didn't learn about it during the 6 weeks of its existence.
I'm a computer scientist, I know how to jailbreak iOS, I could even develop my own jailbreaks If i was inclined to spend enough of my spare time on it but I still haven't jail-broken my iPhone or iPad simply because so far I have been perfectly satisfied with the software selection on iTunes (heretical I know but there it is). The only thing that could possibly motivate me to jailbreak/root my iDevices is (a) Apple disables the ability to import mp3/mp4/pdf files or (b) I get curious enough about the inner workings of iOS that I want to examine it's guts with trace utilities and a hex editor. To be fair, in case (a) I'd probably switch to Android rather than put up with the hassle of jailbreaks that are only available for short periods until Apple blocks them. The bottom line is that 90% or so of iOS users are perfectly happy without jail-breaking their devices and you just listed a whole slew of reasons why. They only way Apple is ever going to tear down the walls around it's garden is if jail-breaking rates top 70 or 80%.
Don't you have the option to remain jailbroken, jailbreak, or not update to the newest iOS at any given time to keep your JB? If Cydia apps are worth more to you than the increased functionality/methods for appstore apps, then your path seems rather obvious.
I can compile and install my own apps without going through the store. You just have to have a developer account (which is not very expensive).
Yes, $99 per year. Every year. When you stop paying, your certificate expires and your apps are no longer trusted.
Keep paying the rent to use your device.
Well I know several iphone owners and only 2 who jailbreak (not myself). The reason is simply: access to pirated stuff. Nothing to do with freedom. They agree that for them the stock library is more than good enough. I've heard that before that piracy is a big interest for many jailbreakers.
Myself I find it strange that it is ok to buy an excellent but expensive gadget, and then find the few dollars for the occasional app purchases too much.
True, but the discussion was about whether to report security flaws, or to keep them secret in the hopes that they can be used to create jailbreaks when the flaws present exploited have been fixed. That, of course, leaves the last sentence in my GPP as little more than an incoherent rant. Ah, well, it was early when I wrote it, and I clearly hadn't had enough coffee.
The main reason to jailbreak an iPhone is to pirate apps.
I think it mostly includes kids who want to pirate stuff.
I hope Apple manages to patch every single bug that would allow jailbreaking. They had a pretty good run with the iPhone 4s and 5, clocking in at 98 days and 136 days respectively.
Too many people buy iOS devices based on the premise they'll be able to jailbreak them in order to make full use of the hardware they bought. And that rewards Apple and its walled garden model, which is beyond broken. Sadly many consumers are too complacent, lazy or stupid to care they are only renting their iPhone or iPad. In 2013 I am not buying the "It just works" mantra, because many other devices just work better. However if even a fraction of those 18 million jailbreakers had opted for more open alternative, the marketplace would look very different right now.
At the very least, it would have forced Apple to reconsider their stance on the walled garden. If say 5 million of those 18 million people did NOT buy a new iPhone, on top of those opting for Android, BB or WP anyway, Apple would leave at least at least $2.2 billion on the table for competitors*. I have a feeling though that is already happening, as Apple's growth has slowed, and their share price has plummeted in the past few months.
Since this is slashdot, I know the Nokia N900 still has a cult following. Imagine if Nokia had been rewarded for its N900 by people buying it instead of jailbreaking their iPhone 3Gs? Identical hardware specs, but sooooo many more features in a completely open garden. We may have continued to have real Linux phones, with QT apps and repositories instead of the JVM garbage we currently consider the best alternative.
* Profit margins on the iPhone 5, similar to the 4s: http://www.zdnet.com/iphone-5-16gb-costs-an-estimated-207-to-build-7000004476/
Then they should fix those, instead of the ones that can only be used if you already have physical access to the phone.
No, they should fix all vulnerabilities that are discovered over a reasonable expected lifespan of the device and that goes not just for Apple but also Android device manufacturers who orphan devices inside of a year after launch.
Don't you have the option to remain jailbroken, jailbreak, or not update to the newest iOS at any given time to keep your JB? If Cydia apps are worth more to you than the increased functionality/methods for appstore apps, then your path seems rather obvious.
Until your device requires a warranty replacement, it fails, falls in the toilet, or whatever. Apple is militant about selling devices with the latest iOS version. You'd have to find a store that hasn't been restocked prior to the last update to avoid having the latest and greatest iOS on your device. So that isn't the perfect solution. It works for most people, most of the time, however.
Billions of songs donloaded
1 million applications available
18 million Jailbreaks.
Priceless.
I haven't thought of anything clever to put here, but then again most of you haven't either.
I can compile and install my own apps without going through the store. You just have to have a developer account (which is not very expensive).
I've heard that argument phrased as "if you can afford several hundred dollars for an iPhone, you can afford $99 a year for a developer account." It's not just about the money, it's about me objecting to a company that acts as a gatekeeper to a device that I own, and that expects me to pay a yearly toll to access some of the functionality of that device... access that could be revoked for any number of reasons with no recourse.
The responsible thing to do for those who are against Apple's walled garden is to not buy or use iOS devices and not producing any software that enables others to do so.
This would clearly be the case if Apple did not insist on locking down devices in ways the consumers don't want. I
...in ways a minority of consumers doesn't want. The vast majority just don't seem to give a shit about jailbreaking.
Bullshit. Most users are perfectly happy with the device [...] but sitting on a flaw for your egoistical reasons is a bad reason.
Hmmm. OK, so a minor correction here: most Mac users are happy with the device. Sure, Apple might have originally spearheaded the current smartphone genre, but they are now trailing in the dust of Google and Samsung because they have done no innovation whatsoever in the last 5 years, other than to make their product skinnier.
Does Apple force upgrades on you? I don't believe it does but I don't own the device so I could be wrong. Also is jailbreaking illegal? In the US it is legal.
You bought the device with the limitations of the device well known and the likelihood of a jail break well known. Apple has said "here is a re-ording of some atom you can use; these features will stop working when you do". The "third party" is not telling you, it is suggesting and being clear about what what it suggestion means.
Next time don't be so stupid in buying a device you KNOW the seller will suggest atom-re-ordering that will break features you want.
So how do I install it on my iPod 4th Gen?
> The main reason to jailbreak an iPhone is to pirate apps.
Yes. Gaze upon the ultimate manifestation of the Apple cult mentality:
If you want to do something interesting, you must "justify yourself". The basic notion of liberty encapsulated by "why not' is totally alien. If you are the least bit creative, you get called a criminal.
A Pirate and a Puritan look the same on a balance sheet.
I'll buy any Android app if I use it enough and/or the app is worthy of it. To name a few:
- Minimalistic Text (because it's awesome)
- Root Explorer
- Titanium Backup
- Better Terminal Emulator Pro & AirTerm
because the item is owned by me I can do to it anywthing I want. If it means I'm going to break copyright or pirate so be it and getting caught is my own problem.
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
The problem with "voting with your dollars" is that the ballot is not accurate enough. If you decide not to buy the last Michael Bay Bluray, is it because of the DRM ? It might as well be because of too many overlong 1.5 seconds sequences. In fact, it statistically is, as for every one person complaining about the DRM, there are ten who just wanted more sfx
Apple didn't release the patch "to break the jailbreak", but to solve a more severe bug - that someone can take your locked phone and break into it.
Fixing the jailbreak (it was fixing one of the many exploits it relied on) could have been a side effect, or on purpose, but the main fix was to fix the damn privacy flaw.
Of course, everyone concentrates on the jailbreaking aspect, and not the real reason for the fix that everyone knew was coming (and has been demonstrated weeks ago).
So you're extrapolating the anecdotal evidence from your two acquaintances to 18m+ other people?
I had few Android devices. From 2.3.7 phone and table to a tabled with 4.1 version. I am sorry to say that they are just crude in comparison to iOS. Only thing I wish iOS had was the ability to not use stupid iTunes for MP3 adding. I hate the iTunes. The rest of the software is great and reliable. Not the same can be said about the Android even the base apps.
The catch is that while sites like /. are full of people who are vocal about caring, most of the customer base just simply doesn't. Hell, I highly doubt it's actually 18 million people. Given that for instance I'd be counted in that number, except I don't jailbreak my current device. I only jailbreak older devices just to mess with it.
Plus a lot of those are going to be the same people jailbreaking multiple devices.
But lets assume for a second there really are 18 million customers who jailbreak: Then those 18 million customers should tell Apple. If all 18 million customers legitimately (I mean, don't spam, be polite) emailed Tim Cook asking for Apple to add a "Root" mode on the phones, you might just get policy change.
But no, people mess around with it because it's available, but very few seem to make purchase decisions based on it's availability. Apple is going to close these security holes, because they are security holes that are now known to everyone.
First off, I doubt that you've seen that malware for Android. You've heard about it from others. Many of those 'others' who keep on claiming Android is about to be taken over by malware also happen to sell a trinket or two to ward off those bad apps.
Second, Android offers something which iOS does not: the option to install software without going through an 'app store'. If you are happy inside the confines of the 'app store' there is no need to enable this option. The chance of getting any malware on your device will be quite similar to that of any iOS user - probably slightly higher given the less restrictive policies governing this market when compared to the iOS app store but still so low as to be insignificant.
For those who feel the need for more freedom the options on iOS are limited. You can 'jailbreak' the device and install whatever you want. In that case the iOS device is actually more vulnerable to malware than an Android device since Android at least enforces the permissions requested by installed apps and tells the user which permissions apps require. You'll also incur the wrath of Apple who'll do their best to disable the 'jailbreak' on update, refuse warranty service, refuse 'Genius' service (no big loss, that) and make upgrading the OS a haphazard process.
The Android experience is a lot better here: select the option to install 'untrused apps', acknowledge the warning about doom and hellfire awaiting on that end of the street and install away. After installing an 'untrusted' app you can disable this option again, the app will keep on working.
--frank[at]unternet.org
so are taxes?
How are they going to produce jailbreaks if they report it?
It would be irresponsible of them to deliberately collaborate with restricting user freedoms.
Apple hates us for our freedoms!
Is to make sure Facebook integration is comletely disabled...
Given that you (and everyone else) couldn't give a single counter example, I'll take your response as "I don't like your implication, even though it is, as far as I know, 100% factually accurate." Again, Slashdot is where people agree in the most disagreeable ways possible.
Learn to love Alaska
Yeah; Apple is the Morgoth, the First Evil, the Cthulhu, the Sith Emperor and the Voldemort of the IT world. It wants to brainwash you into the Cult of Jobs, control you by every device you own, know your thoughts before you do and crush all alternative sources of products. Oh yeah, and have Balrogs. Balrogs are cool.
I didn't ask anyone to justify themselves. Read my post. See? It says nothing of the sort.
So what are you saying? That one can't point out the thing that motivates most people to jailbreak? That it's unsayable? So much for liberty, you are implying censorship.
You can say whatever bullshit you want to say. He's just calling you out as an asshole that you are. All freedom both ways, no censorship involved.
I've jailbroken my phone using Evasi0n. I'll probably be going back to an un-jailbroken version soon (i.e., when a new patch drops that I care about).
I jailbroke the phone to have access to Auxo. Turns out Auxo crashes on the iPhone 4 constantly (which I reported to the dev; he said they were working on it...they may have already fixed it). I tried a few other things in the meantime: Jukebox, Bulletin, Dashboard X, etc. All they did was make my phone slower and give me no appreciable extra functionality. Bulletin is the one that I stuck with the longest, but it's not that much better than the normal notification centre. Now I've got a translucent notification area and it shows the currently playing song and some shortcuts to configuration options. Ehn.
And the problem I've had with Bulletin have made it a bit of a chore to live with. When there's a bug in the system that unlocks your phone (you can set Bulletin to appear on the lock screen) you can't unlock the phone anymore.
So, yeah, the iPhone isn't perfect. Apple hasn't done absolutely everything right. But I'm a lot happier with the stock build than the jailbroken one. Apple's got something very close to what I want, because I won't shed a single tear when my phone is un-Jailbroken.
If the phone was locked in a way I didn't want, I wouldn't have one. I got this iPhone 4 almost 2.5 years ago, and I'm still pretty happy with it.
I jailbroke it because I wanted to test out the Auxo app switcher. I only bothered with Evasi0n because it's simple. If it had involved any other steps, I wouldn't have done it. And as it happens, nothing that I tested while my phone has been jailbroken has been worth me keeping the phone jailbroken for. When the next half-way significant patch comes out, I'll update and lose the jailbreak.
I don't care about jailbreaks, I'm not going to install one anyway. Ever. I do care about security flaws in the operating system that is installed on hundreds of millions of devices.
Blame Apple for creating a situation where there are many users who, unlike you, do care about jailbreaks. If this were any other piece of software, publishing the vulnerability would have been a no-brainer. But as it is, there is a conflict of interest - even more so as people who do find those vulns are also more likely to want to jailbreak.
If you don't like this arrangement, well, it's not like iOS is the only mobile platform out there...
A few - very few, though vocal on this site - wants to do something they were never promised, and those few put the majority in danger.
What, did they introduce the flaw in question into iOS code base? Was a midnight raid on Apple campus to get to their source control servers involved?
No? Then why are you complaining about them? The only party at fault here is Apple itself, since it 1) introduced the flaw in question, and 2) created an environment where said flaw is actually a feature. Of course people who find that flaw and want to jailbreak (and people who are able to find and exploit such flaws do want to jailbreak) will use it for their purposes instead of reporting it!
Why should they care about people like you, who stampede inside the walled garden and loudly demand for the gates to be locked from the outside? Because there are more of you?
if you sign up for a developer account (dirt cheap compared to your monthly phone bill)
I pay $3 for my monthly phone bill. Developer account is $99 or $8.25/mo. That's not dirt cheap even in comparison.
Besides, why exactly should I pay a third party to run code on the device that I own, again?
... should have been $30, not $3.
Does Apple force upgrades on you? I don't believe it does but I don't own the device so I could be wrong.
My husband is still running iOS5 on both his iPhone and iPad because he hasn't gotten around to updating them. So no they don't 'force' you to update. However the updates are bundled and once you say yes you will get every interim update to the current version without the ability to pick and choose which updates you apply.
Personally I have no issue with keeping my phone 'jailed'. I have no urge to jailbreak it, there's nothing I want to do with it that requires jailbreaking and it is theoretically less vulnerable in it's unbroken form.
I may not represent the typical slashdot user in that respect. I'm quite happy to pay for apps I believe are worth it, I will generally seek out a cheap or free alternative first if one exists - but from the 'approved' channels.
Sara
Designer, Gamer, Macgrrl in an XP World
May be their iPad was bought by their parents for their own use, and then the kid installs the jailbreak.