Run ANDROID on an iPhone? Are you SERIOUS?!? – Naked Security

We did a double-take when we saw the tweet.

In hindsight, we’re not sure why, because the announcement was short, even for a tweet, and entirely unambiguous:

IT’S ANDROID. FOR THE IPHONE.

Introducing Project Sandcastle: Android for the iPhone. We’re excited to see what the developer community builds fr… twitter.com/i/web/status/1…



Corellium (@CorelliumHQ) March 04, 2020

And it really is as simple as that.

Actually, if we’re honest, it’s not quite that simple, as you can see if you look at the “what works” matrix on the Project Sandcastle website.

The “what works by model” matrix shortly after the project was announced.

[Screenshot at 2020-03-05T18:30Z]

The green continents and islands denote the components in each device that work properly, while the pink oceans are the bits that you can’t use.

In other words, the phone part of your phone – the row labelled Cellular – won’t work anywhere, so the one thing you won’t be turning your iPhone into is, not to put too fine a point on it, a phone.

Likewise, no audio, even on an iPod; no camera; no Bluetooth; and on some devices, no display.

But the really bad news is the CPU row, which has only three green squares, and tells you that the Sandcastle builds will only work on iPhone 7 devices (and the iPod 7G) for now.

If you happen to have a surplus-to-requirements iPhone 7 lying around, and you decide to give this Android thing a spin, please let us know in the comments how you got along. (Some users are reporting serious overheating issues, so take care out there!)

Jailbreaking revisited

Freeing up Apple iDevices to run alternative firmware builds has always divided the IT industry’s opinion – even if all you want to do is run an official iOS version configured in a non-standard way, for example with an SSH server running so you can log in on the command line from your laptop.

It’s known as jailbreaking, a loaded metaphor that different observers interpret in interestingly different ways.

To some, jailbreaking represents a righteous fight for digital freedom, assuming that you’re jailbreaking a device that you bought yourself with your own after-tax income.

To others, it’s evidence of a scofflaw attitude to digital society, typically carried out to get rid of lawfully implemented controls over intellectual property. (Meaning: people do it so they can pirate stuff.)

Indeed, Corellium, the company behind Project Sandcastle, has only two blog postings on its website, and they relate to legal action from Apple to do with “freeing up” iPhones.

But, as Corellium points out on the Sandcastle page:

Android for the iPhone has many exciting practical applications, from forensics research to dual-booting ephemeral devices to combatting e-waste. Our goal has always been to push mobile research forward, and we’re excited to see what the developer community builds from this foundation.

We’re particularly sympathetic to the idea of “combatting e-waste”, not least because, if you don’t use a jailbreak, the only way to keep using an iPhone after Apple stops supporting it is to run it indefinitely without any security updates.

In other words, if you prefer to repurpose rather than to recycle/replace old electronics (because we know you’d never dump old phones into landfill), then you’re on the horns of a dilemma.

Either you have to figure out your own security fixes and then jailbreak to apply them, running the risk of being called a scofflaw yourself.

Or you have to run the gauntlet of the scofflaw cybercriminals who already have access to a range of attacks that they know you won’t – can’t, in fact – have patched against.

What to do

For the record, we usually end any stories of this sort by advising against allowing jailbroken phones on your business network – indeed, our own Sophos Mobile product helps you to keep jailbroken and rooted devices at arm’s length if that’s what you want.

That’s for the uncomplicated reason that, for IT staff at work, “life’s already too short” without having to deal with mobile devices that are in an unknown and untested state. (In other words, while jailbreaking may allow you to improve security, it frequently, if inadvertently, does the opposite.)

In this case, we don’t think we need to add a “don’t try this at work” warning, given how limited the range and functionality of the current Sandcastle builds are.

If you do want to try it at home, however, you can indeed have Android on your iPhone, provided you don’t want to make any phone calls (although without audio you wouldn’t be able to hear them anyway), as long as you have an iPhone with a model number greater than 6 and smaller than 8.

As Corellium itself says:

Android for the iPhone is in beta and has only had limited testing. Any impact on battery, performance, or other components is unknown. Please use caution in installing and using this version.

