Apple quietly drops iOS jailbreak detection API

10.12.2010

"[I]t may be feasible to detect jailbreaks of a specific version or type, but they will still be trapped in the cat and mouse game they play with jailbreakers," says Jeremy Allen, principal consultant with Intrepidus Group, a security consulting firm. "Whatever they add [in the OS] to detect the jailbreak, if it is to be queried from the iOS kernel, it must be accessible and have the ability to be changed. Meaning, if it is going to be a useful detection method it can also be circumvented. It is a fairly intractable problem to solve 100%."

For a group of computer-savvy end users, jailbreaking is an unalloyed benefit, not to mention a civil right, letting them load any applications they wish. But for enterprise IT, jailbroken iOS devices create a serious security threat.

"When jailbreaking and/or rooting a [mobile] device, the goal is to circumvent or disable the pieces of the OS and platform that keep applications in a sandbox and running with limited privileges," on trusting mobile platforms. "These devices could be difficult, or even impossible, to enforce security policy on as the user can trivially circumvent the policy enforcement without the management servers being aware of it."

MDM vendors such as Good Technology and Sybase all claim to be able to detect jailbroken iOS devices without the disabled Apple API. Typically, their on-device apps, in conjunction with the server, run a series of checks or try to do things that are forbidden by Apple, such as accessing certain underlying OS primitives. If the app can take these actions, it reports back that the device is jailbroken, and then can block or restrict access to the corporate network.

These techniques are not foolproof, cautions Intrepidus' Jeremy Allen.
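The probe-and-report approach described above, sketched as an added example (not code from Apple or any MDM vendor): the on-device side attempts a file write the sandbox should refuse, and the server side maps the report to an access decision. The probe paths, the report layout and the policy in `decide_access` are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Try to create a file where the sandbox should refuse it.
   Returns 1 if the forbidden write succeeded, 0 if it was denied. */
int probe_forbidden_write(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return 0;              /* denied or path unusable: expected on a stock device */
    close(fd);
    unlink(path);              /* leave no artifact behind */
    return 1;
}

struct probe_report {
    unsigned ran;              /* number of probes attempted */
    unsigned succeeded;        /* bit i set if probe i was NOT blocked */
};

/* Client side: run every probe and build the report sent to the server. */
struct probe_report run_probes(const char *const paths[], unsigned n) {
    struct probe_report r = {0, 0};
    for (unsigned i = 0; i < n && i < 32; i++) {
        r.ran++;
        if (probe_forbidden_write(paths[i]))
            r.succeeded |= 1u << i;
    }
    return r;
}

enum access_decision { ACCESS_ALLOW, ACCESS_RESTRICT, ACCESS_BLOCK };

/* Server side (assumed policy): any successful probe blocks the device;
   an empty report is not evidence of a clean device, so restrict, not allow. */
enum access_decision decide_access(struct probe_report r) {
    if (r.succeeded)
        return ACCESS_BLOCK;
    return r.ran ? ACCESS_ALLOW : ACCESS_RESTRICT;
}

int main(void) {
    /* Hypothetical locations outside an app's container (assumed for illustration). */
    const char *const paths[] = { "/private/jb_probe.tmp", "/jb_probe.tmp" };
    struct probe_report r = run_probes(paths, 2);
    printf("ran=%u succeeded=0x%x decision=%d\n", r.ran, r.succeeded, decide_access(r));
    return 0;
}
```

A report with no successful probes shows only that these particular writes were denied, or that the check itself was altered on the device, which is the limitation Allen describes.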