Cydia is an independent, third-party installer application for all iDevices. Developed by Jay Freeman (Saurik), it's similar to the official App Store. However, it offers apps and tweaks that can be downloaded for free or for a small charge, so you get to use apps that wouldn't otherwise have been possible. If you are wondering why we need Cydia to add new tweaks, the answer is simple: it offers you what Apple doesn't. For example, on iOS you can only set audio ringtones for incoming calls. VUZIQ is a new Cydia tweak, available through the BigBoss repo, which allows you to set video ringtones for incoming iOS calls, and it's free. Nonetheless, Installous, which is the best app to get from Cydia, will let you install all the apps (free and premium) on your device.
BigBoss, one of the default repositories for jailbreak tweaks in Cydia, has allegedly been hacked by an individual or a group of individuals whose identity is still unknown.
The attackers were apparently able to gain access to all packages (paid and free) that are available in the BigBoss repo, and made the deb index and database available for download. The assailants went as far as creating a new repo which can be added to Cydia to download all BigBoss-hosted tweaks.
As is always the case when this type of security breach happens, jailbreak users should be cautious and stay away from this
This claim was made by a group called ‘Kim Jong-Cracks’, who are seemingly big fans of the North Korean dictator. They say that they have gathered 13,943 items from the repository that amount to 19,460.6MB of data, a feat that took them ‘2 years’ to achieve. They call this hacked version of the BigBoss repo ripBigBoss.
This article mentions malware being potentially injected into the BigBoss repository; we do not believe this to be the case. Packages in Cydia repositories are cryptographically verified from the repository package index. I have an index of all historic changes to the package indices for default repositories, and have verified that the content on BigBoss did not change in ways that the repository administrators did not expect.
Regarding malware in the ripbigboss repo: I downloaded all the packages and checked their MD5s against the MD5s listed by bigboss.
All the packages had matching checksums other than the ones listed here: https://ghostbin.com/paste/6xsdz
Any packages not listed are guaranteed not to have malware. Other packages probably don’t either, but I haven’t explicitly checked.
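The checksum comparison described in the two statements above can be reproduced as follows. This is an added example, not code from the article or from anyone quoted in it. It assumes a trusted copy of the official index in the Debian Packages format (fields Package, Filename, Size, MD5sum) that Cydia repositories use; the package names, paths and bytes are constructed.

```python
import hashlib

def parse_packages_index(text):
    """Parse a Debian-style Packages index into {Filename: stanza dict}."""
    index = {}
    for block in text.strip().split("\n\n"):      # stanzas are blank-line separated
        stanza, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:   # continuation of previous field
                stanza[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                stanza[key] = value.strip()
        if "Filename" in stanza:
            index[stanza["Filename"]] = stanza
    return index

def audit_mirror(index, mirror_files):
    """Sort mirrored files into match / mismatch / not_in_index by Size and MD5sum."""
    report = {"match": [], "mismatch": [], "not_in_index": []}
    for name, data in sorted(mirror_files.items()):
        entry = index.get(name)
        if entry is None or "MD5sum" not in entry:
            report["not_in_index"].append(name)   # nothing trusted to compare against
            continue
        same = (hashlib.md5(data).hexdigest() == entry["MD5sum"].lower()
                and len(data) == int(entry.get("Size", len(data))))
        report["match" if same else "mismatch"].append(name)
    return report

# Constructed sample data: a two-entry official index and a three-file mirror.
GOOD = b"constructed bytes of an unmodified package"
OFFICIAL_INDEX = f"""Package: com.example.tweak
Filename: debs/tweak_1.0.deb
Size: {len(GOOD)}
MD5sum: {hashlib.md5(GOOD).hexdigest()}
Description: constructed entry
 continuation line

Package: com.example.other
Filename: debs/other_2.1.deb
Size: 10
MD5sum: {hashlib.md5(b"0123456789").hexdigest()}
"""
MIRROR = {"debs/tweak_1.0.deb": GOOD,             # identical to the official file
          "debs/other_2.1.deb": b"0123456780",    # same size, altered content
          "debs/extra_0.1.deb": b"not listed"}    # absent from the official index

if __name__ == "__main__":
    print(audit_mirror(parse_packages_index(OFFICIAL_INDEX), MIRROR))
```

A match only shows that a mirrored file equals what the official index listed at the time the index was captured. MD5 is not collision-resistant, so where the index also carries a SHA256 field, compare that as well.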