I’ve seen my fair share of bugs in Springboard, the ubiquitous program which controls the iOS home screen — from cloning app icons to immortal ghost apps to catastrophic rendering fails.

But what exactly is Springboard?

First, let’s dip our toe into computer science theory.

Operating Systems & The Kernel

An OS manages a computer’s resources. Operating Systems typically have 2 components; the Kernel and Userland.

The Kernel creates and manages abstractions on top of hardware — converting CPU, RAM, and SSD into threads, heap memory, and file systems. It also makes basic system functionality available to the software that constitutes Userland.

Want to see the iOS Kernel? It’s right here, on Github. If you spot a way to perform no-click kernel code execution, Apple may just give you $1m.

Now we’ve tested the temperature, let’s caaarefully lower our foot.

Userland

We typically interact with Userland applications (a.k.a. “user space”) when we use any computer — an OS is software programs all the way down.

Userland apps interact with the Kernel via syscalls. These are functions with elevated permissions, not available to third-party apps, which can bypass security protections like memory virtualisation and app sandboxing.

Now we’re primed to paddle in with both feet. Watch your trousers!

iOS Springboard

Springboard? It’s just an app.

A Userland app with, necessarily, elevated system permissions. These enable it to perform feats that iOS devs (outside of Apple or NSO Group) could only dream of, such as reading app metadata in the file system.

NSO Group, please sponsor my Substack 🙏.

Not all Userland apps are created equal: In the secure environment of iOS, Springboard itself hands off to launchd, the daemon king, to invoke the sequence syscalls for jobs such as “launch Twitter/X”:

• open() Twitter/X on the file system.

• read() the binary into memory.

• mmap() to allocate virtual memory for the app’s execution.

• fork() to create a new process in this memory space.

• exec() to start executing the Twitter/X code.

User space permissions enable Springboard to display the home screen, manage windows, and request app launches. And, occasionally, shit the bed entirely. Perhaps that’s just Apple encouraging me to upgrade my iPhone.

I hope this article made a splash.

Dammit, I left my socks on!