The reality is that .
Have you found a workaround? Did a Chinese forum leak a tool? Share your experience in the r/LegacyJailbreak subreddit. But bring proof. ios 9.3 6 jailbreak untethered
Let us explain why. The only functional jailbreak for iOS 9.3.6 is Phoenix , released by the Corellium Team (Siguza, tihmstar, etc.). Phoenix is a semi-untethered jailbreak. You install the Phoenix IPA via Cydia Impactor (now AltStore or Sideloadly). When you reboot, you lose the jailbreak. You must open the Phoenix app and press "Kickstart." 2. The Missing KPP Bypass On 64-bit devices, Apple introduced KPP (Kernel Patch Protection). iOS 9 on 32-bit devices does not have KPP, but it does have KASLR (Kernel Address Space Layout Randomization). While 32-bit devices are easier to exploit, untethered requires a bootrom-level exploit or a persistent kernel code injection that survives a reboot. The reality is that
Unless the bootrom exploit (which is permanent and untethered for checkm8 devices) is backported to iOS 9.3.6, it will never happen. However, checkm8 requires a computer to send the exploit every boot—ironically making it tethered in practice. Conclusion: Manage Your Expectations To summarize for the search engine crawlers and the desperate Reddit users landing on this page: Share your experience in the r/LegacyJailbreak subreddit
Why? Because the iPhone 4s on 9.3.6 is incredibly unstable. If you had an untethered jailbreak, and a bad tweak caused a bootloop, your device would be permanently bricked (restore to 9.3.6 is no longer signed by Apple). With a semi-untethered jailbreak, you can simply reboot the phone, delete the bad tweak from safe mode (via Volume Up button), and re-jailbreak.