Will fork() in iOS app likely be rejected by Apple's vetting process?

Question

I'm writing a mechanism (in an iOS app) to detect whether a device is jailbroken by checking for App sandbox's integrity by doing a fork();. Does anyone know if attempting this call would violate App Store guidelines?

It's been awhile since you've asked this. Were you able to get an app into the store with `fork()`? I'm curious. — mpontillo, Jan 26 '15 at 23:36
I'd like to know too - I've got an app that's a wrapper around a Unix cmdline utility and it would be far easier if I could `fork()` and then call that utility's `main()` function than to run it in a thread [ the utility has many places it can call `exit()` so a forked process would be better than a thread ] — Alnitak, Mar 30 '16 at 11:45

score 10 · Answer 1 · answered Jun 26 '15 at 11:23

10

fork() (and other) will not get you rejected; operations that are denied by the vanilla os cannot be reproduced while in submission. I have applications on the appstore that use fork() and system() calls to check for jailbreak environment and none of them got rejected for this :)

answered Jun 26 '15 at 11:23

Horia Hodis

101
1
3

Could you maybe let me know how are you calling fork? With my implementation it still return -1 even on jailbroken devices. – Paweł Zgoda-Ferchmin Jan 30 '20 at 10:31

zakinster · Answer 2 · 2013-04-09T09:12:59.230

5

You can't create new process in an iOS application on a non jailbroken device (you would get an error such as "Operation not permitted"), but you can create new thread using pthread library.

Edit : But if you're trying to detect whether a device is jailbroken, I don't think that would violate the store guidelines just to 'try' to do a fork, but it's more a legal question than a technical question.

I found nothing in the app store guidelines that forbid the use of calling some low-level API. Which is logical, since jailbreak doesn't exist, what would they forbid you to do something that you're not able to do ?

The closest things I found are :

Apps that read or write data outside its designated container area will be rejected
Apps that download code in any way or form will be rejected
Apps that install or launch other executable code will be rejected

edited Apr 09 '13 at 09:12

answered Apr 09 '13 at 08:54

zakinster

10,508
1
41
52

2

You would actually just get a return code of `-1` if you call `fork()` on a normal iOS device. (and maybe something like `Tue Apr 9 03:06:41 unknown sandboxd[84] : HelloWorld(80) deny process-fork` in your log) The OP is definitely wanting to call this simply to see if it works. – Nate Apr 09 '13 at 10:09
Yes I misunderstood the question at first, that's why I edited my response. – zakinster Apr 09 '13 at 10:12

score 0 · Answer 3 · answered Oct 22 '13 at 04:25

fork(2) may get you rejected. If your purpose is to check if the device is jailbroken, you can check the existence of APT.

From my experience, an app that tries to check if a folder exists at /private/{etc,var}/apt (APT's configure and cache directory, required by Cydia to work but does not exist on vanilla iOS devices) exists using NSFileManager does not get rejected.

Will fork() in iOS app likely be rejected by Apple's vetting process?

3 Answers3

Linked