Unfortunately, you guessed correctly. On a jailbroken device, apps installed to the normal location (/var/mobile/Applications/) are still sandboxed (* see comments below).
The jailbreak does not completely remove the sandbox.
It allows you to run code that's not signed by valid Apple certificates. It therefore also allows you to install your app to different locations.
If you install your app to /Applications/, however, it will be able to read /var/mobile/Library/SMS/sms.db, as I describe in this answer. As a system app, you'll be outside the sandbox.
This has nothing to do with Objective-C, or Cocoa Touch, versus C APIs. It wouldn't be much of a sandbox if all you had to do was use well-known C I/O calls to escape it.
See this other similar answer (to a closed question), for some related discussion.
Update: see saurik's comments in this online thread. The summary is that different jailbreaks (e.g. evasi0n, Absinthe, redsn0w) can affect the sandbox in different ways. Saurik's recommendation is certainly that they not be removed entirely.