Open iPhone: unsandboxing apps on pwned development iPhones

So you pwned your 2.0 dev phone. Now what? How about using your SDK to build apps that you can run outside the sandbox. Here's how.

The iPhone OS restricts all SDK development to application “sandboxes” for the sake of security. The iPhone sandbox limits your application’s access to the file system to a minimal set of folders, network resources, and hardware. It’s like attending an overly restrictive school with a paranoid principal, where you can't share your toys and you can't visit anyone else's sandbox.

First, move the application and only the application out of the sandbox. I've been putting my apps into /var/root/Applications but anywhere on the Media partition will work. Make sure the permissions hold and that you've taken the entire app bundle.

Second, create a symbolic link from the /Applications folder, e.g. ln -s /var/root/Applications/MyApp.app /Applications/MyApp.app. This creates an application that appears to live in the right location without sacrificing any precious OS partition space.

Third, use my 2.0 appLoad utility to tell springboard to acknowledge the new application. It appears on your screen with its icon and can be tapped and used. If at any time you remove applications, use appLoad with one argument, e.g. appLoad whatever, to unload now non-existent app icons.

Be aware that "freed" applications still maintain many of the sandbox limitations, including the read-access limits they were built with. If you want full access to the OS, you'll need to build your apps with the open toolchain. Also note that you can no longer launch apps directly from the command line. Either tap from Springboard to launch or use my command line launch utility. It takes one argument, an application id, and allows you to run programs without Springboard interaction.