Jailbreak Detection

Jailbreak Detection enables administrators to identify compromised mobile devices enrolled in the MDM platform.

Jailbreaking (iOS) removes manufacturer-imposed restrictions on iOS devices, allowing unauthorized apps, system modifications, and elevated privileges.

Rooting (Android) grants administrative (root-level) access to the Android operating system, bypassing built-in security controls.

Detection is critical for maintaining device compliance and protecting organizational data. Compromised devices pose significant security risks including:

  • Unauthorized access to corporate data

  • Installation of malicious applications

  • Circumvention of security policies

  • Increased exposure to data breaches

The Jailbreak Detection feature helps ensure that only secure, compliant devices can access corporate resources in the following ways:
  • Compromised devices are automatically identified
  • Administrators receive alerts
  • Automated or manual remediation actions can be triggered
  • Compliance reports can be generated for audits

Supported Platforms

The Jailbreak Detection feature supports:

  • iOS Devices
    • Pre-enrollment detection
    • Post-enrollment continuous monitoring
  • Android Devices
    • Pre-enrollment detection
    • Post-enrollment monitoring using integrity validation mechanisms such as Google Play Integrity (formerly SafetyNet)

Both platforms provide consistent compliance visibility within the BigFix WebUI.

Prerequisites

  • The Jailbreak Detection feature must be enabled through the Feature configuration page in the BigFix WebUI.

  • Devices must have internet connectivity to report their status.

Pre-Enrollment vs Post-Enrollment Detection

Pre-Enrollment Detection

Devices are evaluated for jailbreak/root status before completing enrollment.

If a device is compromised:

  • Enrollment may be blocked

  • A warning may be displayed

  • The device may be restricted based on policy configuration

Post-Enrollment Detection

Enrolled devices are continuously monitored.

If a device becomes jailbroken or rooted after enrollment:

  • The device is marked non-compliant

  • An alert is generated

  • Policy-based actions are triggered automatically (if configured)

How to Monitor Jailbroken or Rooted Devices from the WebUI

Administrators can monitor the status of devices using the following BigFix WebUI views:

  • Dashboard & KPIs

    • The dashboard provides an overview of security status, including the total number of compliant devices and non-compliant devices.

  • Device Grid (Main View)

    • The status is displayed under the Jailbreak/Root Status column using color-coded indicators: Green (Compliant), Red (Non-Compliant/Compromised), and Grey/Yellow (Unknown).

    • To view the status column, navigate to Devices, click the column customization icon, and select Jailbreak/Root Status.

  • Device Details Page

    • Clicking a device opens the Device Details page, which shows:

      • Current jailbreak/root status
      • Last scan date and time
      • Detection logs
      • Policy compliance summary
      • Available remediation actions

      This page provides a detailed audit trail of the device’s security posture.

  • Manual Status Update

    • If a device shows an incorrect status or you need to force a data sync, you can:

      • Use the Send Client Refresh action for Android.

      • Use the Scan for jailbreak status action for iOS.

Status        | Description
Compliant     | Device is secure and not jailbroken/rooted
Non-Compliant | Device is detected as jailbroken/rooted
Unknown       | Status cannot be verified (device offline, scan pending, or missing data)

Example Scenarios

  • A user installs unauthorized software → Device becomes Non-Compliant
  • Device has not checked in recently → Status appears Unknown
  • Device passes integrity checks → Marked Compliant

Device Grid Indicators and Visual Cues

The device grid displays jailbreak/root status using:

  • Status icons
  • Color indicators
  • Compliance labels

Example:

  • Green indicator → Compliant
  • Red indicator → Non-Compliant
  • Grey/Yellow indicator → Unknown or Pending

These visual cues allow administrators to quickly identify security risks.

Status Definitions and Recommended Actions

Status        | Meaning                    | Recommended Action
Compliant     | No jailbreak/root detected | No action required
Non-Compliant | Jailbreak/root detected    | Review and apply remediation (unenroll/wipe)
Unknown       | Detection data unavailable | Trigger manual scan or verify connectivity

Device Grid & Filters

Adding Jailbreak / Root Status Columns

To display jailbreak/root status in the device grid:

  1. Navigate to Devices.
  2. Click the column settings or customization icon.
  3. Select Jailbreak/Root Status.
  4. Apply changes.

The status column will now appear in the grid.

Sorting and Filtering Devices

To filter devices by compliance:

  1. Click the filter icon in the device grid.
  2. Select Jailbreak Status.
  3. Choose:
    • Compliant
    • Non-Compliant
    • Unknown
  4. Apply the filter.

This allows quick identification of at-risk devices.

Searching for Specific Devices

To locate a device:

  1. Use the search bar at the top of the grid.
  2. Enter device name, serial number, or user.
  3. Press Enter to filter results.

Time-Based Filters and Scan Counts

Administrators can filter devices by:

  • Last scan date
  • Scan frequency
  • Devices not scanned within a defined time period

This helps identify outdated compliance checks.

Dashboard & KPIs

The dashboard provides a summary of device security status, including:

  • Total devices scanned
  • Number of compliant devices
  • Number of non-compliant devices
  • Devices pending scan

Key Performance Indicators (KPIs)

The KPIs include:

  • % of compliant devices
  • % of non-compliant devices
  • Trend of jailbroken/rooted devices over time
  • Average scan frequency

These metrics provide insight into overall security posture.
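
The status definitions, the "not scanned within a defined time period" filter and the KPI percentages described above can be reproduced offline over a device list, as in this added example (not BigFix code and not a BigFix API or export format). The record fields, the sample devices, the 7-day threshold and the rule that a stale Compliant result is treated as Unknown while a Non-Compliant result is never cleared by age are all assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Recommended actions, copied from the status table on this page.
ACTIONS = {
    "Compliant": "No action required",
    "Non-Compliant": "Review and apply remediation (unenroll/wipe)",
    "Unknown": "Trigger manual scan or verify connectivity",
}

# Constructed sample records; field names are hypothetical.
DEVICES = [
    {"name": "ios-001", "status": "Compliant", "last_scan": "2024-05-10T08:00:00+00:00"},
    {"name": "and-002", "status": "Non-Compliant", "last_scan": "2024-05-09T12:30:00+00:00"},
    {"name": "and-003", "status": "Compliant", "last_scan": "2024-04-20T09:15:00+00:00"},
    {"name": "ios-004", "status": "Unknown", "last_scan": None},
    {"name": "and-005", "status": "Non-Compliant", "last_scan": "2024-04-01T00:00:00+00:00"},
]
SAMPLE_NOW = datetime(2024, 5, 11, tzinfo=timezone.utc)  # fixed clock for the sample

def effective_status(device, now, max_age):
    """Return the status to act on; a result can be downgraded, never upgraded."""
    status = device["status"] if device["status"] in ACTIONS else "Unknown"
    if status == "Non-Compliant":
        return status  # assumed policy: a past detection stays actionable
    last = device["last_scan"]
    if last is None or now - datetime.fromisoformat(last) > max_age:
        return "Unknown"  # stale or missing scan data cannot prove compliance
    return status

def triage(devices, now, max_age=timedelta(days=7)):
    """List (name, effective status, recommended action) for every device."""
    rows = []
    for dev in devices:
        status = effective_status(dev, now, max_age)
        rows.append((dev["name"], status, ACTIONS[status]))
    return rows

def kpis(rows):
    """Percentage of devices per effective status, one decimal place."""
    counts = Counter(status for _, status, _ in rows)
    total = len(rows)
    return {s: round(100 * counts[s] / total, 1) if total else 0.0 for s in ACTIONS}

if __name__ == "__main__":
    result = triage(DEVICES, SAMPLE_NOW)
    for name, status, action in result:
        print(f"{name:8} {status:14} {action}")
    print(kpis(result))
```
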