Prominent iOS security researcher and creator of the Yalu jailbreaks Luca Todesco announced yesterday his withdrawal from the jailbreaking scene. Along with some parting pieces of advice, he made clear that he will no longer be involved with the creation of public tools for the circumvention of Apple’s iOS “walled garden”.
The reasons for Todesco’s disappearance from the community are not given, but are perhaps not impossible to discern. He has often expressed frustration with the harassment and abuse he receives from over-eager jailbreakers, as well as the pressure to release free tools which began for him as a mixture of private challenge and work-related research. Add to this the demands of a budding career and it’s not hard to see why he has decided that remaining in the jailbreaking public eye is no longer for him.
Whilst this is undoubtedly a shame for jailbreakers everywhere who have profited by his work, we can at least be thankful for having received from him the only two public iOS 10 jailbreaks to date, yalu1011 and yalu102. In time, his original Yalu tool for iOS 8.4.1 may also come to be of use, having inspired and been incorporated into an alleged upcoming jailbreak from FriedAppleTeam.
His statement has been misinterpreted by some (as all his statements are) as implying that he is working on a final tool, perhaps a jailbreak for iOS 10.2.1, but this seems unlikely. Todesco has clarified on more than one occasion that his recommendation that people who are currently on iOS 10.2.1 remain there is just that, a recommendation. It signifies only that iOS 10.3 contains many bug fixes which make jailbreaking more difficult, and that remaining on the lowest possible firmware is always a good idea. iOS 10.2.1 is more likely to be jailbroken than iOS 10.3, though neither will be by him. Todesco’s comment on iOS 10.3’s security content supports this fact. Of course, if you are currently on a firmware lower than iOS 10.2.1, do not update.
I’d also second Todesco’s other piece of advice in his “resignation letter”; save your blobs. As advised by me in a recent article, as well as proven by an upcoming tool I reported on a week or so ago, blobs often come in useful in ways that were not foreseen at the time. By the time these tools arrive it’s too late to save them, which is why jailbreak developers have always advised saving your blobs regardless, so that you’re ready when the time comes. Prometheus and Odysseus are two downgrade tools which prove the utility of this practice, and the upcoming tool I alluded to is yet another powerful example. Todesco clearly thought the advice important enough to include in a triptych including his resignation.
It’s unclear whether Todesco’s being “done with jailbreaking” refers to the release of public tools, the personal practice of tweaking his own devices, or the research and development of iOS exploits in general. I’d imagine he is referring to the first of these only, unless he is moving his professional interest to a different platform of security research. I for one would appreciate continuing to see his progress in the arena of jailbreaking, even if only to know that it can be done. For many, seeing evidence of his private jailbreaks is cause for furious anger, but I am happy to follow his research without seeing public releases, even if the interest is academic.
It remains to be seen whether Todesco will continue to collaborate with others in the community, or to offer advice and/or bugs in a diminished capacity to any future projects. For now, those of us who have one can continue to enjoy our iOS 10 jailbreaks thanks to his work.