Jailbreak on iOS is a process that removes the software restrictions imposed by Apple and grants administrator permissions to modify system files.
However, some of the exploits available to perform a Jailbreak only affect specific hardware generations and, moreover, due to the evolution of the applications themselves, recent iOS versions are often required for proper execution, where a stable public Jailbreak most likely does not exist.
Auditing iOS applications without requiring device Jailbreak is now a reality. To audit effectively without Jailbreak, it is important to master four key elements that define the scope and possibilities of the assessment: sandboxing, Developer Mode, FairPlay Encryption, and Frida.
The Four Key Elements
The iOS sandboxing model is the conceptual foundation. Each application runs inside its own container with very limited access to the system and other apps, which forces the auditor to focus observation within the process itself (local application files, runtime memory, configurations, and traffic) rather than having global visibility of the system.Developer Mode is the second practical element. It is an iOS feature that allows signing, deploying, and debugging builds on physical devices when the user explicitly enables that mode. It does not grant root access or disable the sandbox, but it enables legitimate testing capabilities (debugger attachment, Xcode usage, mounting developer disk images) that facilitate instrumentation without altering the system.
FairPlay Encryption is the third consideration. Applications distributed through the App Store may include distribution protections that make it difficult to obtain a useful binary for reversing or repackaging. Therefore, for audits without technical friction, it is preferable to work with an IPA or development build provided by the client, which reduces time wasted bypassing protections that are irrelevant to functional security.
Finally, Frida represents the dynamic instrumentation component. It is the framework that allows runtime function hooking, argument inspection, return value modification, and validation of the application's actual behavior. In Jailbreak environments it is normally used with a server running as a service (frida-server), but without Jailbreak the practical approach is to use a signed debug build that includes the get-task-allow entitlement, allowing attachment from macOS using Frida Gadget while keeping a laboratory sample as close as possible to the original application.
How to Implement a Laboratory Environment?
Setting up an effective laboratory without Jailbreak requires careful preparation of the environment so that dynamic techniques and captures are reliable and reproducible. The minimum requirements include an Apple Developer account (the modality associated with Xcode is usually sufficient for test deployments), a macOS workstation with Xcode installed to sign, deploy, and debug, an iPhone with Developer Mode enabled and the corresponding Developer Disk Image mounted when necessary, and a traffic interception tool (for example, Burp Suite) configured on the device to analyze HTTP communications.The typical workflow starts by obtaining an IPA or development build from the client. With the help of Xcode and by creating a new project, provisioning profiles can be generated automatically.
iOS App Signer is a macOS application that allows applications to be re-signed and packaged into IPA files ready to be installed on an iOS device. In addition, it allows signing with the get-task-allow entitlement. It uses certificates and provisioning profiles from the Xcode cache.
Installation of the signed application can be performed using tools such as ideviceinstaller.
Once the application has been installed, in order to attach with Frida Gadget, the library must be available in the Frida cache. To do so, it is first necessary to download gadget-ios.dylib.

Finally, Frida can be used normally, both for loading custom scripts and for working with the Objection suite.

In conclusion, auditing iOS without Jailbreak is no longer simply an alternative, but a fully valid methodology and, in many cases, the most realistic approach for working with current devices and iOS versions.