Unlike TaiG or Pangu, the YaluX jailbreak (also known as yalu102) was released by an indie hacker named Luca Todesco (@qwertyoruiopz). In the beginning, people were skeptical about the release. The jailbreak was also shipped a bit differently from past utilities such as evasi0n, Pangu, and the like.
With that in mind, the release created concern for many iPhone users who wanted to jailbreak their iOS 10 – 10.2 devices. Luckily, major publications and well-known developers confirmed shortly afterwards that it is indeed a legit jailbreak.
The problem is that the jailbreak was published as an IPA file to sideload with Cydia Impactor, or as an Xcode project to compile yourself. An Xcode project is a folder with some files which can be edited by anyone who has macOS (with Xcode installed, obviously). So, this means that the Yalu jailbreak can be easily remade to hack iOS devices and send user data, such as contacts and e-mails, to hackers.
In extreme cases, a version of the Yalu jailbreak modified for harmful purposes can delete your iOS system files. This will eventually make the device impossible to turn on. The only way out is to connect it to a computer and restore it via iTunes.
Is it safe to Jailbreak iOS 10.2 with Yalu?
The answer is yes and no. I’ll first explain how someone can turn a simple Yalu jailbreak into a hacking tool that steals users’ personal data and information.
When you launch the YaluX jailbreak app and press the go button, it first checks if the file named installed_yaluX exists in the root folder of the device. If it does, the app simply re-enables mobile substrate and resprings your device. But if the file doesn’t exist, the app creates it and extracts the archive called bootstrap.tar which is located in the app directory and has the Cydia app inside it.
That being said, hackers can always make Yalu skip the check for the installed_yaluX file and extract the archive on every device running iOS 10.2 or lower. You’ll probably think, “There’s nothing bad, it just extracts Cydia!”
But wait, I haven’t finished yet…
The bootstrap.tar file has Cydia inside it, but who said you couldn’t remove Cydia and put something else there? A hacker can do the following:
Put a custom app inside the bootstrap.tar file, name it Safari, give it the same icon, and place it into the system applications folder. When someone decides to open their Safari browser app, their data will also be sent to the hackers, or, as I mentioned earlier, the device will stop working altogether.
How can I protect myself?
The Yalu102 jailbreak is safe to use. However, you must obtain it from a reliable source, preferably the official developer site. Luca’s page currently hosts the latest version of yalu102 and mach_portal+yalu.
We previously posted a roundup of some cool custom versions of Yalu. The IPAs mentioned in that article are trustworthy and are recommended if you’re a beginner who has difficulty jailbreaking your iOS device using the official yalu IPA file.
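If you want to look inside an IPA before sideloading it, the sketch below (an added example, not code from Yalu or its author) lists the app bundles that bootstrap.tar would drop into the applications folder and flags anything other than Cydia. The `Payload/yalu102.app/` path, the `Applications/` layout inside the archive, and the assumption that a stock bootstrap ships only `Cydia.app` are assumptions made for illustration; the sample IPAs are constructed in memory.

```python
import io
import tarfile
import zipfile

# Assumption: a stock bootstrap.tar places only Cydia.app under Applications/.
EXPECTED_APPS = frozenset({"Cydia.app"})

def audit_ipa(ipa_bytes, expected_apps=EXPECTED_APPS):
    """Return the sorted names of unexpected .app bundles in bootstrap.tar."""
    unexpected, found = set(), False
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            if not name.endswith("bootstrap.tar"):
                continue
            found = True
            # Members are only listed, never extracted, so nothing is written to disk.
            with tarfile.open(fileobj=io.BytesIO(ipa.read(name))) as tar:
                for member in tar.getmembers():
                    parts = [p for p in member.name.split("/") if p not in ("", ".")]
                    if (len(parts) >= 2 and parts[0] == "Applications"
                            and parts[1].endswith(".app")
                            and parts[1] not in expected_apps):
                        unexpected.add(parts[1])
    if not found:
        raise ValueError("no bootstrap.tar found in this IPA")
    return sorted(unexpected)

def build_sample_ipa(app_names):
    """Build a constructed, in-memory IPA whose bootstrap.tar holds empty app bundles."""
    tar_buf = io.BytesIO()
    with tarfile.open(fileobj=tar_buf, mode="w") as tar:
        for app in app_names:
            info = tarfile.TarInfo(f"./Applications/{app}/Info.plist")
            info.size = 0
            tar.addfile(info, io.BytesIO(b""))
    ipa_buf = io.BytesIO()
    with zipfile.ZipFile(ipa_buf, "w") as ipa:
        # Hypothetical path; the page only says the archive sits in the app directory.
        ipa.writestr("Payload/yalu102.app/bootstrap.tar", tar_buf.getvalue())
    return ipa_buf.getvalue()

if __name__ == "__main__":
    print(audit_ipa(build_sample_ipa(["Cydia.app"])))                # clean sample
    print(audit_ipa(build_sample_ipa(["Cydia.app", "Safari.app"])))  # repackaged sample
```

An empty result only means no extra app bundle was found in the archive; it says nothing about the app binary itself or other files in bootstrap.tar, so it does not replace getting the IPA from a trusted source.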
After all, iOS malware does exist, but it’s very, very hard to make without an exploit or an open-source jailbreak.