You can normally read from outside the sandbox on iOS: there are data in /usr/lib and /usr/share that are important to libraries shipped as part of the dyld cache (also incidentally found outside of the app container.)
The main question is: what exactly lays outside the sandbox? A good thing to search for could be Cydia, but there are alternative package managers. MobileSubstrate isn't a sure bet either, but I suppose it's a far cry safer than Cydia. An additional method could be trying to map a page you can both write to and execute, which should fail unless specific kernel patches indicative of a jailbreak have been applied (or you're a webview with Nitro enabled.)
The best method, however, is to not care, because if you do it's for the sake of either tracking/analytics or screwing over your users.
The main question is: what exactly lays outside the sandbox? A good thing to search for could be Cydia, but there are alternative package managers. MobileSubstrate isn't a sure bet either, but I suppose it's a far cry safer than Cydia. An additional method could be trying to map a page you can both write to and execute, which should fail unless specific kernel patches indicative of a jailbreak have been applied (or you're a webview with Nitro enabled.)
The best method, however, is to not care, because if you do it's for the sake of either tracking/analytics or screwing over your users.