Is called Single App Mode (single app mode, in Europen) the iOS feature designed to allow iOS device administrators to limit device use to a single application. This mode is often used in corporate, institutional or educational environments where it is necessary to ensure that a terminal iOS is used only for specific purposes and to prevent access to other applications or features of the device.
Once activated Single App Modethe iOS user can only use one application, the Home button and the gesture navigation are disabled. Apple Configurator allows you to decide the devices on which you want to enable it single app mode as well as determining which app will be the only one available for use.
The researchers of WithSecure (formerly F-Secure) have however discovered that the Single App Mode of Apple can be easily bypassed.
Overcome Single App Mode and launch any application you can
During a recent audit on safety of iOS-based devices, WithSecure researchers have identified a series of issues that, when chained together, can allow an attacker to escape single-app mode and thus gain access to any stored information.
WithSecure experts explain the steps described, which allow you to overcome Single App Mode, have been successfully tested on a 9th generation iPad (iOS 16.4), as well as on iPhone 11 and 12 (iOS 16.5 and 16.6). The company assumes that all iOS devices are potentially affected by the same issue.
Steps to unlock iOS and get it out of single app mode
- Press the Sleep/Wake button to turn off the screen.
- Press the Sleep/Wake button again to wake up the screen.
- Place your finger near the battery icon in the top right corner of the interface and swipe down from there (2-3 cm on 9.7″ iPad, less on smaller devices).
- Your device should open the panel Siri Suggestions up.
- Try continuously entering text into the field Siri Suggestions. When the text field begins accepting and displaying input, proceed to the next step.
- If the UI is responsive and text appears in the box, you can continue with the following steps. If the device still does not respond or if the box Siri Suggestions disappears, you must repeat the procedure from the beginning.
- Press the Sleep/Wake button to turn off the screen.
Wait approximately 30 seconds. - Press the wake button from sleep mode to wake up the screen. If the device does not respond, you need to wait a few more seconds.
- Swipe up with your fingers. This should cause it to display from the Home screen, resulting in you exiting single app mode.
From this moment on the user can interact with the device as if it had never been put on Single App Mode. This state persists until thekiosk application original is not reloaded. If your Apple device is not protected with a passcode o l’biometric authenticationthe attacker would be able to access confidential material stored on the device and modify all saved information and settings.
Apple does not consider the vulnerability a real security issue
WithSecure technicians point out that the security problem detected in iOS has to do with a race condition present in Apple software. A race condition at the operating system user interface level, as in this case, it is a problem that occurs when two or more processes or threads try to access or modify resources from the GUI at the same time (Graphical User Interface), thus creating a situation in which the behavior of the underlying platform becomes unpredictable. There race conditionif exploited, can cause errors, blocks or allow security measures to be overcome.
WithSecure says it responsibly sent a private report to Apple as early as April 2023. Apple responded that it did not consider the bypass in question as a real security issue: “qThese features are not intended to protect a device from manipulation by malicious users, and physical security remains an important part of protecting data on your iPad, iPhone, or iPod touch“.
The company formerly known as F-Secure has disputed Apple’s claims by making claims that the official documentation are Single App Mode it makes no mention of the fact that the same functionality should not be considered a security measure. After allowing all the material time to adequately manage the report and issue a corrective patchWithSecure shared details about the issue today.
The company itself specifies that precisely because it is one race conditionit may not be possible unlock an Apple device protected with Single App Mode on the first try.
