Jailbreaking a device gives the user additional control over it at the cost of security. The weakened security makes these devices an easy target for malware and cyber attacks, which puts the corporate data on them at risk. To protect corporate data, it is recommended that jailbroken devices not be used in organizations. Mobile Device Manager Plus MSP allows organizations to detect jailbroken devices in the network and remove them once they are detected. These devices then cannot be enrolled into Mobile Device Manager Plus MSP and thus lose access to corporate data.
This document explains how Mobile Device Manager Plus MSP identifies jailbroken devices.
A device is marked as jailbroken if any of the following conditions are met:
If any of the following files are found on the device
This is the simplest method to detect whether a device is jailbroken. Mobile Device Manager Plus MSP checks whether any of the following files, which are common to jailbroken devices, are present on the device. If any of them is present, the device is considered jailbroken.
If the devices can access files or folders outside the application sandbox
One of the additional controls gained by jailbreaking a device is access to files and folders outside the application sandbox. If an application can read or write outside the application sandbox, the device can be considered jailbroken.
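The two checks described above, written in plain C (callable from an iOS app) as an added example; this is not ManageEngine's code. The artifact paths are assumptions taken from commonly cited jailbreak indicators, not the product's own file list, and the function names and probe path are hypothetical.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Assumed artifact paths (commonly cited jailbreak indicators);
 * the product's own file list is not reproduced here. */
static const char *const ARTIFACT_PATHS[] = {
    "/Applications/Cydia.app",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/usr/sbin/sshd",
    "/etc/apt",
};
#define N_ARTIFACTS (sizeof ARTIFACT_PATHS / sizeof ARTIFACT_PATHS[0])

/* Check 1: index of the first path that exists on the device, or -1. */
int first_existing_path(const char *const *paths, size_t n)
{
    struct stat st;
    for (size_t i = 0; i < n; i++)
        if (paths[i] != NULL && stat(paths[i], &st) == 0)
            return (int)i;
    return -1;
}

/* Check 2: 1 if a new file can be created at probe_path, which the caller
 * picks outside the app sandbox. O_EXCL never touches an existing file. */
int can_write_outside_sandbox(const char *probe_path)
{
    int fd = open(probe_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return 0;               /* creation denied: sandbox held */
    close(fd);
    unlink(probe_path);         /* remove the probe file again */
    return 1;
}

/* Verdict as the page states it: jailbroken if any condition is met. */
int device_looks_jailbroken(const char *const *paths, size_t n, const char *probe)
{
    return first_existing_path(paths, n) >= 0 || can_write_outside_sandbox(probe);
}

int main(void)
{
    /* Hypothetical probe location outside any app container. */
    int hit = device_looks_jailbroken(ARTIFACT_PATHS, N_ARTIFACTS, "/private/jb_probe.txt");
    printf("jailbroken: %s\n", hit ? "yes" : "no");
    return 0;
}
```

A file-list check alone is easy to defeat by renaming or hiding the files, which is why it is paired with the sandbox-write probe.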
Once devices are marked as jailbroken, the admin can have them removed from management by navigating to Enrollment -> ME MDM app (under iOS) and enabling the setting that removes jailbroken devices on detection.