A professional photographer friend of mine shoots kids' competitive events and sells the images right on the spot. potential customers can view the images on the handful of ipads (5th gen, iOS v16.2) he has sitting at his table. recently he experienced an incident where a person turned on bluetooth on one of those ipads and was able to steal the images via AirDrop feature. is there way to allow only specific user(s) to toggle bluetooth feature, which would prevent customers from turning bluetooth on, while my friend can still use it at will? thank you!
You can use the Apple Configurator 2 app to configure and install a profile on the device to lock out those settings.
https://support.apple.com/apple-configurator
A great free tool for building profiles for devices is iMazing Profile Editor.
https://imazing.com/profile-editor
Here's where that setting is located in the iMazing Profile Editor:
Go to Restrictions on left panel, then click add payload on right panel. On General Tab, scroll down and deselect "Allow modifying Bluetooth settings". Go to AirDrop tab, deselect "Allow AirDrop". Then go to File>Save As and save the configuration profile in a location you can easily access. It will be a .mobileconfig file. Now use the Configurator of your choice to apply it to your devices.
They have an iMazing Configurator program that can apply profiles to a device that's a bit friendlier than Apple Configurator, but it is not free.
https://imazing.com/configurator
In either case, you need a Mac computer to run the configurator program to assign the profile if doing it from a computer. You can also do this using a Mobile Device Management cloud platform. Most MDM platforms can apply that .mobileconfig file/policy to your devices, but they also typically have built-in policy options that will let you do this without needing to build a .mobileconfig file first. For just a few devices, there are several options that would be free to use, even for business purposes. Below are some options worth considering.
https://www.miradore.com/mdm/free
https://jumpcloud.com/platform/cloud-device-management
https://www.manageengine.com/mobile-device-management/free-mobile-device-management-software.html
Related
I was having an issue with 'Archiving' my Xcode because my iOS device wasn't functioning.
A colleague has offered to provide his UDID / serial for his iOS device to allow me to archive my project.
Is this safe?
Does this compromise my account safety?
Does it give any of my information over to him?
You do not need a device to archive an app. Choose "Gereric iOS Device" from the device dropdown list:
The only thing this allows is the ability to install the app onto his device. Once the app is on his device, if he has the skill, he can extract any license keys and even reverse engineer portions of your app.
That said, these are all things that any user who has your app can do if you haven't guarded against such abuse.
I am making an enterprise application for iPhone, it does not contain uninstall option how to make this application in ios. Lang:Objective c
There is no uninstall on iOS, you can just remove any app you installed. You press the app and after some time the icon wobble and a cross is show, click the cross and the app gets removed.
You however restrict device and disallow the user to remove some app, this is done with Mobile Device management MDM.
You can register devices to an MDM server and push setting to the device, allow/disallow install of apps, force install of apps, restrict apps, etc..
There is no way to create iOS app that could not be removed.
But, you can use iPhone/iPad/iPod settings to forbid uninstall:
https://support.apple.com/en-us/HT204396
Or you can use MDM to setup restrictions:
Configuring devices with MDM To enable management, securely enroll
your devices with an MDM server using a configuration profile—an XML
file that allows you to distribute configuration information to an iOS
device. These profiles automate the configuration of settings,
accounts, restrictions, and credentials; they can be delivered through
MDM if you need to configure many devices and prefer a low-touch,
over-the-air deployment. Profiles can also be sent as an email
attachment, downloaded from a web page, or installed on devices
through Apple Configurator 2.
Take a look at MDM docs:
http://images.apple.com/business/docs/iOS_Deployment_Overview_Business.pdf
The only way you can prevent Deleting ( uninstalling ) apps is to go to
Setting app->General->Restrictions
From there 'Enable Restrictions' and setting up a password for parental control,
Then turn off 'Deleting App' switch control.
This is usually good for devices belonging to a company or an organization in the hands of members or employees. Otherwise you can not prevent users from deleting an app from their devices they own.
I have a Macbook with OSX 10.10.3, Xcode 7 beta and an iPhone 4. I haven't enrolled to Apple's Developer Program. I think that since the latest WWDC any developer can run apps on their device. How can I achieve that on a real device in Xcode 7 Beta?
Please follow the steps below:
Install Xcode 7.
Give a unique bundle identifier (any unique identifier):
Select a valid team from the "Team" option (you can add an account from Xcode preferences, but there is also an option for adding an account):
Then click on Fix Issue. It will take some time and will be resolved. (If you are getting any error, then there may be some issue with your Apple developer account.)
If you are not getting any kind of error after clicking on Fix Issue, then your set up succeeded:
Now connect your device. Run your code on Xcode 7 by selecting the destination as your connected device name.
I have tried it with the Xcode 7 beta version.
The following will work on any iOS/OSX version:
Download and install the Xcode 7 beta.
Open Xcode 7, open preferences->Account and click on add button left side of pop up, choose Add Apple ID and login to your Apple Account.
Plug in your iPhone and select it as the build destination.
We now need to generate a code signing signature for the app. Click on the project on the left, fill in a unique “Bundle Identifier” and click on “Fix Issue” (make sure your name is selected as “team”).
Click the play button in the top left. If there’s no build errors the app should now launch on your phone!
The following article from 9to5mac.com outlines how you are able to run apps on your iPhone without a developer account:
Apple has changed its policy regarding permissions required to build
and run apps on devices. Until now, Apple required users to pay
$99/year to become a member of Apple’s Developer Program in order to
run code on physical iPhone and iPads. As part of the new Developer
Program, this is no longer required. Apps can be tested on devices, no
purchase necessary.
However, this technically means that developers will be able to
release apps outside of the App Store as long as they are
open-sourced. Interested users could then open the code in Xcode,
compile and run it on their own devices — avoiding the App Store
completely.
This is somewhat similar to how Android allows users to sideload apps
from unknown sources, although its a bit more complicated as
sideloading requires a physical connection and a Mac running Xcode to
build the apps. As it’s not really meant for this purpose (its main
purpose is for developers to test their own software on real
hardware), more technical knowledge is needed to actually sideload
something than with the Android flow.
It’s not really an optimal solution for most developers but some apps
could foreseeably be distributed this way. For instance, GBA4iOS is an
open-source Game Boy Advance emulator for iPhone and iPad.
With the new policy change, customers can theoretically download the
application code from the open-source tree and build it locally. Then,
they can use Xcode to run it on their device. Emulators are a good
example of something that Apple will not allow in the store but are
commonly open-sourced and could be installed through this method.
Bouke van der Bijl has written up some good instructions on how to
achieve this, if you are interested.
With this change, you really only need to pay for the Developer
Program if you want to actually submit to the App Store. To submit
apps through iTunes Connect to Apple for review, a paid active
membership is still required. Apple says it dropped the fee to allow
even more budding developers to join in the iOS world as many people
(such as younger candidates and people from less-privileged
backgrounds) who were deterred by the $99 subscription fee.
If you are like me and have had a play around with xCode 8 and want to run your app on your phone/ipad but don't want to pay $99 for the privilege then here is what helped me.
go to developer.apple.com and click on account on top right and sign in with your apple id. You will be asked to sign an agreement.
go to Xcode and open preferences->Accounts and click on add (+) button left bottom side of pop up, choose Add Apple ID and login to your Apple Account.
back in the Accounts screen select your apple ID and on the bottom right click "view details". In the popup under signing identities click on the button create next to iOS Development and then Done
exit out of preferences and plug in your phone to the computer. From the dropdown menus at the top of Xcode go Product->Destination and then select your phone.
Now when you run your project it should load to your phone. You may need to go the the settings app on your phone -> General -> Device Management -> approve you as a developer
We are a small IT team that needs to purchase between 20-100 iOS devices (iPhones) to hand out to external partners. These devices will be setup once, and then leave the premises to pretty much never ever come back physically.
The devices needs to be fully locked to our application. We won't allow surfing, emailing, phonecalls, text messages etc.
I need to set this up as easy as possible. Then I need to install our application (developed in-house) and once I create an update for this app all devices needs to be updated OTA. Updates to the iOS firmware should only be available if I say so. I don't want the user to be prompted to update iOS in case our application is not compatible yet.
From my understanding, I know I need some kind of MDM solution (Preferably Apple Configurator or the MDM server built into OS X Server in Yosemite) as well as an Apple Enterprise Developer account.
I'm looking for step by step instructions on how to set this up to be failproof. If any certificate is messed up, or expired at a later stage and the devices would end up "useless" it is nearly impossible for me to get to the devices physically.
Thank you for any responses, I'm in charge of quite a important part of the business, and I have no previous experience of this (I don't want to f' up)
Your question is very large, so I'm going to only address a few specific points that should get you going in the right direction.
If the devices are bought by a company or institution, you should look into supervising the device (a process which asserts that this device is owned by a company or institution and so certain restrictions normally unavailable to BYOD are available on this device for MDM). Ideally, you'll purchase your devices straight from Apple in the US and then enroll them in the Device Enrollment Program (https://www.apple.com/education/it/dep/). This will allow you to configure the devices so that every time they are erased, they will become supervised again and re-enrolled with your chosen MDM server and configuration (and also give you the option to lock MDM so that it is unremovable).
Configurator is not your friend if you're not going to have physical access to the device. You'll want to use a MDM server and should look at a third-party vendor for the best experience (see AirWatch and MobileIron to start with). An MDM server will be able to push install and update profiles and apps on the devices and so you should look heavily into this.
If the devices will be locked into a single application, look at Single App Mode. By pushing down a profile by MDM, you can lock the device into a single app, but only on SUPERVISED devices. You'll also want to look at the restrictions available for disabling things like Safari and such. The Mobile Device Management Protocol Reference and the Configuration Profile Reference are both your friends here.
You will NOT be able to prevent devices from updating iOS itself. This is a purposeful design choice from Apple and so you need to be testing your software against the developer betas to ensure it works before release or else you're out of luck.
Go check out the Apple Enterprise page (https://developer.apple.com/enterprise/). Some good videos are the WWDC 2014 "Managing Apple Devices" and "Building Apps for Business and Education".
All a person need to do is take a regular iOS device and visit http://tui.tongbu.com/m/iphone.html and click the big grey button with the apple logo, and then click install. Then the tui app will be installed. How are they able to distribute this app on non-jailbroken devices without the app store? And how can this be replicated?
1) They may signed it with enterprise distribution key and in such case they are violating Apple agreement. Otherwise, they have an app on AppStore and they downloaded IPA through iTunes and put on their website.
As result, they have signed IPA (enterprise or appstore based) which will work on any non jailbroken device.
2) Second part is enterprise distribution mechanism. Generally speaking, what you do is your prepare enterprise distribution manifest (xml plist) which points to ipa files and other resources (as example icons). And you create a button with the link to this manifest. Link should look like that:
Some text here
Couple of additional useful links regarding over the air distribution:
http://aaronparecki.com/articles/2011/01/21/1/how-to-distribute-your-ios-apps-over-the-air
http://gknops.github.io/adHocGenerate/
Tongbu doesn't actually have no jailbreak. If you go on the website and translate what the link says, it says something about jailbreaking but no, no jailbreaking. Don't use it as it probably jailbreaks or hacks your device in some way as this would not normally be possible.