Jailbroken (or rooted) devices are compromised devices where, for Apple, the operating system has been modified to allow greater control and bypass Apple restrictions, or, for Android, the user roots the device to bypass various other restrictions. This can result in numerous complications, especially when those devices are company-issued. Voided warranties, downloaded malware, blocked access to app stores, and even bricking the device are all possible consequences.
With the newly released “Security Center” in dashboard, the Cisco Meraki team has made it easier than ever to spot these jailbroken devices and also determine why a device may be at risk.
There are several methods that Systems Manager uses to detect a jailbreak. For instance, it checks for the existence of certain apps, like Cydia, that are only available on jailbroken devices. Systems Manager can also detect if there is write access over certain root folders, which only occurs if a device is jailbroken. It can even check to see if an app can handle certain commands or prefixes that would be opened in apps associated with jailbroken devices.
Navigate to Security > Auditing, adding the fields like At risk?, Jailbroken, and Reason, to actively monitor the security of enrolled devices. In Security > Reporting, schedule emailed Systems Manager security reports to monitor all devices or choose to only report those that are failing. If enrolled jailbroken devices are discovered, choose a preferred remediation action, including enforcing a more restrictive Systems Manager profile or even revoking VPN or WiFi access.
Stop wondering about the status of enrolled devices and take charge of maintaining MDM security.