Let us explain why. The only functional jailbreak for iOS 9.3.6 is Phoenix , released by the Corellium Team (Siguza, tihmstar, etc.). Phoenix is a semi-untethered jailbreak. You install the Phoenix IPA via Cydia Impactor (now AltStore or Sideloadly). When you reboot, you lose the jailbreak. You must open the Phoenix app and press "Kickstart." 2. The Missing KPP Bypass On 64-bit devices, Apple introduced KPP (Kernel Patch Protection). iOS 9 on 32-bit devices does not have KPP, but it does have KASLR (Kernel Address Space Layout Randomization). While 32-bit devices are easier to exploit, untethered requires a bootrom-level exploit or a persistent kernel code injection that survives a reboot.
Key developers (tihmstar, Siguza, Luca Todesco) have publicly stated that they have no interest in developing an untether for 9.3.6. The effort required to weaponize a new iBoot bug or bootrom exploit for a 32-bit device is immense, and there are no financial incentives (bug bounties for old firmware are zero). ios 9.3 6 jailbreak untethered
Why does this matter? Because iOS 9.3.6 is the . After this, the iPhone 4s and the original iPad mini were relegated to the history books. Let us explain why
That safety net is worth the extra tap of "Kickstart." The jailbreak development community has moved on. The last untethered jailbreak for any version was iOS 9.0.2 , released over eight years ago by Pangu (which they quickly patched in 9.1). You install the Phoenix IPA via Cydia Impactor
Unless the bootrom exploit (which is permanent and untethered for checkm8 devices) is backported to iOS 9.3.6, it will never happen. However, checkm8 requires a computer to send the exploit every boot—ironically making it tethered in practice. Conclusion: Manage Your Expectations To summarize for the search engine crawlers and the desperate Reddit users landing on this page: