Apple Pay

With the introduction of Apple Pay paying for purchases has become much easier and secure for iPhone users. However those who jailbreak their devices wonder whether jailbreaking makes the highly secure Apple Pay feature of iPhones less secure. One user who had the same concern took it to Reddit to find the right answer. On the very informative thread that can be found here several people responded to the question “Is Apple Pay less safe when jailbroken” while explaining how the answer to this question is no. The answer that is backed by explanation comes as a relief for users who have entered their credit card information in iPhone’s Apple Pay functionality, that is also jailbroken.

Reddit users beetling and Phronipticus clearly explain that Secure Enclave, which stores user’s fingerprint data cannot be compromised even if the device is jailbroken. Similarly Secure Element, which stores user’s credit card information is also inaccessible even after getting the root access of the iPhone (something i.e. possible after the jailbreak). Additionally the device only shares encrypted data with the apps or tweaks that request this information without giving away the credit card or fingerprint of the user.

If you take an important phrase from that such as “Secure Enclave” and google it with “jailbroken”, you get this /r/jailbreak thread which quotes Apple explaining in that technical document that Secure Enclave is designed to work even on jailbroken devices. If you google “Secure Element” and “jailbroken”, you don’t get much. You can guess from those search results that nobody has broken these things (that the public knows of), since that would be big news that would show up in the searches.

Credit card information is stored in the Secure Element, and fingerprint data is stored in the Secure Enclave. From what I understand (correct me if I’m wrong, please), neither can be accessed even with root access. Data is encrypted and passed along to apps/tweaks that request it (like the 1Password app or the BioLockdown tweak that access fingerprint data). But actual fingerprints and credit card numbers are never sent or accessible.

So if you are worried about using Apple Pay on your jailbroken iPhone 6 or 6 Plus, don’t be.

Tags: , , , , , ,