MDM commands metadata - ios

I'm new to MDM servers.
I'm working with the nanomdm server. Can I add my own metadata to the commands or payloads that are sent to the device? For example, a UDID that will be read later by my mobile application, and how can my mobile application do that? Or can my mobile application get the UDID that is used in nanomdm in another way?
Like that:
...
<key>PayloadContent</key>
<array>
<dict>
<key>UDID</key>
<string>MY_UDID</string>
</dict>
<dict>
<key>PayloadDisplayName</key>
<string>Profile Removal</string>
<key>PayloadIdentifier</key>
...
udid = get_from_profile()

Once your iOS device has been registered with your MDM, you can provide configuration to an iOS app using the Settings command.
The app must first be "managed" by the MDM. This can be accomplished using the "InstallApplication" command. Once you allow the app to be managed, use the Settings command with a payload containing your device's UUID.
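The Settings command the answer describes, as an added example that is not part of the original post or of nanomdm: it builds the command plist with an ApplicationConfiguration item and reads it back. The bundle identifier, the `udid` configuration key and the UDID value are constructed placeholders.

```python
import plistlib
import uuid


def build_settings_command(bundle_id, config, command_uuid=None):
    """Return an MDM Settings command (XML plist bytes) that sets the
    managed app configuration of one managed app."""
    if not bundle_id:
        raise ValueError("bundle_id is required")
    if not all(isinstance(key, str) for key in config):
        raise ValueError("configuration keys must be strings")
    command = {
        "CommandUUID": command_uuid or str(uuid.uuid4()),
        "Command": {
            "RequestType": "Settings",
            "Settings": [{
                "Item": "ApplicationConfiguration",
                "Identifier": bundle_id,   # the managed app's bundle ID
                "Configuration": config,   # delivered to that app only
            }],
        },
    }
    # plistlib raises TypeError for values a plist cannot carry (e.g. None).
    return plistlib.dumps(command, fmt=plistlib.FMT_XML)


def managed_config_for(command_plist, bundle_id):
    """Return the configuration a Settings command carries for bundle_id,
    or None if the command does not configure that app."""
    cmd = plistlib.loads(command_plist).get("Command", {})
    if cmd.get("RequestType") != "Settings":
        return None
    for item in cmd.get("Settings", []):
        if (item.get("Item") == "ApplicationConfiguration"
                and item.get("Identifier") == bundle_id):
            return item.get("Configuration", {})
    return None


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    raw = build_settings_command("com.example.myapp",
                                 {"udid": "CONSTRUCTED-UDID-0001"})
    print(raw.decode())
```

On the device, the managed app reads this dictionary from its user defaults under the key `com.apple.configuration.managed`. The value identifies the device but is not a secret, so the app's backend should not accept it as proof of identity.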

Related

How does the WhatsApp web client still work with the latest iOS update (SDK version 13.0+)?

Dark mode support was added to version 2.20.31 (released in March of 2020) of the WhatsApp client. This is an iOS 13-only feature, and from the look & feel it appears to be a fully native implementation. I think it is safe to assume that the app is now being compiled with iOS SDK 13.0 or above.
The thing is, as of iOS 13, Apple now requires the native call screen to be shown whenever a VoIP notification is received - otherwise, the app will not receive any further VoIP notifications. In previous versions of iOS, some apps (including WhatsApp) appear to use "fake" incoming VoIP calls to silently wake up the app in background when the user attempted to use the web client, so that the latter could then connect and exchange data directly with the phone.
However, as of the latest version, the web client still appears to work as it did before despite the restriction introduced by Apple. Using a debugger it is possible to observe the iOS app waking up whenever the user opens the web client on a PC, but no call screens are ever shown. This can be done repeatedly and as often as we want.
The logs from WhatsApp seem to confirm what is written above:
default 17:09:44.515731+0000 callservicesd Call source <CXXPCCallSource 0x111ecb0a0 identifier=UKFA9XBX6K.net.whatsapp.WhatsApp isConnected=1 processIdentifier=417 isPermittedToUsePublicAPI=1 isPermittedToUsePrivateAPI=0> registered with configuration <CXProviderConfiguration 0x111e9bb40 localizedName=‎WhatsApp ringtoneSoundURL=(null) iconTemplateImageData=0x0 maximumCallGroups=1 maximumCallsPerCallGroup=1 supportsAudioOnly=1 supportsVideo=1 supportsEmergency=0 supportsVoicemail=0 supportsCurrentPlatform=1 includesCallsInRecents=1 audioSessionID=1151157 supportedHandleTypes=2>
If we try to do this with our app, the results are quite different:
error 18:56:19.949023+0000 callservicesd Killing VoIP app com.xxxxx.xxxxx.xxxxx because it failed to post an incoming call in time.
Any idea what's going on here? Is WhatsApp using any sort of undocumented workaround or exploiting some sort of private API?
This is WhatsApp latest entitlements file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.developer.icloud-container-identifiers</key>
<array>
<string>57T9237FN3.net.whatsapp.WhatsApp</string>
</array>
<key>com.apple.developer.pushkit.unrestricted-voip</key>
<true/>
<key>com.apple.developer.ubiquity-container-identifiers</key>
<array>
<string>57T9237FN3.net.whatsapp.WhatsApp</string>
</array>
<key>application-identifier</key>
<string>UKFA9XBX6K.net.whatsapp.WhatsApp</string>
<key>com.apple.developer.carplay-messaging</key>
<true/>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.icloud-container-environment</key>
<string>Production</string>
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:api.whatsapp.com</string>
<string>applinks:v.whatsapp.com</string>
<string>applinks:chat.whatsapp.com</string>
<string>applinks:wa.me</string>
</array>
<key>com.apple.developer.siri</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string>57T9237FN3</string>
<key>com.apple.developer.icloud-services</key>
<array>
<string>CloudDocuments</string>
<string>CloudKit</string>
</array>
<key>com.apple.security.application-groups</key>
<array>
<string>group.net.whatsapp.WhatsApp.shared</string>
<string>group.com.facebook.family</string>
<string>group.net.whatsapp.WhatsApp.private</string>
<string>group.net.whatsapp.WhatsAppSMB.shared</string>
<string>group.net.whatsapp.family</string>
</array>
</dict>
</plist>
This specific entitlement seems to be the reason that they are allowed to not report an incoming call:
com.apple.developer.pushkit.unrestricted-voip
I can't find any documentation regarding this entitlement, so I'm pretty sure they have been given a special permission by Apple.
I've asked eurodev support about this and just received:
At this point we don’t have any additional information about the unrestricted entitlement that you are asking about. The only information that’s available is linked here.
https://developer.apple.com/documentation/bundleresources/entitlements
Pushing back to them to get more info.
Thanks.

iOS install in-house app wirelessly

Need some help to understand terminology and the process correctly.
I have an iOS app that I want to install on my devices for testing. So far I was able to install the app on my devices only through iTunes (with an archived .ipa file), plugging the device into my Mac.
My iOS developer program is not enterprise, it's the regular Developer Program (the $99 one).
Can I use over the air installation in my case? http://help.apple.com/deployment/ios/#/apda0e3426d7
My app is built with a "Development" provisioning profile and not an "In House" provisioning profile. Documentation says it must be built with an in-house provisioning profile. I don't have the in-house option in my Developer Program interface.
What other wireless, web based installation options can I provide my users?
The difference between signing with an Enterprise account in-house distribution profile and one from a regular account is that the former allows any iOS device to install the .ipa, and the latter one allows only devices listed in the profile to install it.
Without an enterprise account, this means that you need to obtain the deviceID from the devices first, create a provisioning profile that contains all those IDs and use that profile for an OTA-build (OTA = over the air).
But before you do, just try out the next steps with your own device (which for sure is listed, as you use it to build on from Xcode). The next steps are error-prone enough even without trying multiple devices:
To create an OTA-build you need to do the following:
create a .ipa for in-house distribution (this will make sure the profile is included into the package, which allows listed devices to actually install it)
create a .plist file with information about the app and a URL to the .ipa file (see below). The link to the .ipa contained in it needs to be HTTPS.
create an .html file with a specially formatted link (also needs to be HTTPS) to that .plist file:
<a href="itms-services://?action=download-manifest&url=https://linkToyour/plistFile.plist">
Download My App
</a>
If you browse on your iOS device to that webpage, you should be able to install the .ipa file. Make sure that you have your device connected to your machine with Xcode's devices pane open. This will allow you to look at the system output in the console when things don't work (the alerts on your iOS device usually are not helpful).
Note that another, way more convenient way is to set up an Xcode bot. Maybe you can do this from one machine, but I did this using an old MacBook I still had. Download Xcode Server (for free) by using the redemption code from the developer portal. Enable Xcode server, then set up a bot from your local machine. This is by far the most convenient way.
Here is a template of the .plist file that you need to make:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>https://yourWebSite.com/youripaFileName.ipa</string> <!-- change this -->
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>yourBundleID</string> <!-- change this -->
<key>bundle-version</key>
<string>yourApplicationVersion</string> <!-- change this -->
<key>kind</key>
<string>software</string>
<key>title</key>
<string>yourAlertTitle</string> <!-- change this -->
</dict>
</dict>
</array>
</dict>
</plist>
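A pre-publication check for the manifest and link described in the answer above, as an added example that is not part of the original post: it verifies that every asset URL is HTTPS, that the metadata keys from the template are filled in, and it builds the itms-services link. The host names and bundle values are constructed placeholders.

```python
import plistlib
from urllib.parse import quote, urlsplit

# Metadata keys carried by the manifest template on this page.
REQUIRED_METADATA = ("bundle-identifier", "bundle-version", "kind", "title")


def check_manifest(manifest_bytes):
    """Return a list of problems found in an OTA manifest plist."""
    problems = []
    items = plistlib.loads(manifest_bytes).get("items") or []
    if not items:
        problems.append("manifest has no items")
    for n, item in enumerate(items):
        assets = item.get("assets", [])
        if not any(a.get("kind") == "software-package" for a in assets):
            problems.append(f"item {n}: no software-package asset")
        for asset in assets:
            url = urlsplit(asset.get("url", ""))
            if url.scheme != "https" or not url.netloc:
                problems.append(
                    f"item {n}: asset URL is not HTTPS: {asset.get('url')!r}")
        metadata = item.get("metadata", {})
        for key in REQUIRED_METADATA:
            if not metadata.get(key):
                problems.append(f"item {n}: metadata is missing {key}")
    return problems


def install_link(manifest_url):
    """Build the itms-services link; refuse a manifest URL that is not HTTPS."""
    parts = urlsplit(manifest_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("manifest URL must be HTTPS")
    # Encode ?, & and = so they cannot split the outer query string.
    return ("itms-services://?action=download-manifest&url="
            + quote(manifest_url, safe=":/"))


def sample_manifest(ipa_url, title="Example App"):
    """Constructed sample in the shape of the page's template."""
    return plistlib.dumps({"items": [{
        "assets": [{"kind": "software-package", "url": ipa_url}],
        "metadata": {"bundle-identifier": "com.example.app",
                     "bundle-version": "1.0", "kind": "software",
                     "title": title},
    }]})


if __name__ == "__main__":
    print(check_manifest(sample_manifest("http://example.com/app.ipa")))
    print(install_link("https://example.com/manifest.plist"))
```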
Clean build folder. Go to Product Menu and select Archive from the submenu. Let the process of archiving complete. Once it is complete, select the export option from the screen menu.
Select save for development deployment method to export the ipa file.
Choose your provision profile and account that was used when you created the provision profile.
Choose Export one app for all compatible devices option
In the summary screen verify the correct provision profile and entitlement has been added to archived file. Click next option
Finally save the ipa file to desktop or any other folder where you need it.
Upload the .ipa file to https://www.diawi.com/ and get the installation link

APNs not delivered to Ad-Hoc build

I am working with an App which is using Apple Push Notifications.
I have permissions to use Push Notifications granted to the app.
When I was using Xcode to install the app I was able to receive APNs. However, when I prepared an ad-hoc build of my application, the server (which is using URL = gateway.sandbox.push.apple.com) was receiving the error "Invalid token" from the service.
So we decided to provide the Production Certificate to the server, and as a result no error is returned, but no notification is delivered either.
I have checked also app package and it seems to be OK:
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>XXXXXX</string>
<key>aps-environment</key>
<string>production</string>
<key>com.apple.developer.team-identifier</key>
<string>XXXXXX</string>
<key>get-task-allow</key>
<false/>
<key>keychain-access-groups</key>
<array>
<string>XXXXXX</string>
</array>
</dict>
</plist>
I am looking for a solution.
I have APN Production Cert in Keychain Access (but without Private Key), but I can obtain a p12 file and import it that way with private key
Maybe URL is wrong (but why it gives no error?)
I will be grateful for any help related to solving my problem.
Kind regards
The problem was that we had been using ad-hoc deployment with a development provisioning profile for our testers. And with Xcode 6 it is no longer possible to do such a thing. As a workaround we use Xcode 6 to package everything and Xcode 5 to export it.
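A check for the first symptom in this thread, as an added example that is not part of the original posts: a device token issued to a build signed with one `aps-environment` is rejected by the other environment's gateway, which is what "Invalid token" reports. The production host name is the counterpart of the sandbox host quoted in the question, and the entitlement values are constructed.

```python
import plistlib

# Legacy binary gateway per aps-environment value. The sandbox host is the
# one quoted in the question; the production host is its counterpart.
GATEWAYS = {
    "development": "gateway.sandbox.push.apple.com",
    "production": "gateway.push.apple.com",
}


def check_push_setup(entitlements_bytes, server_host):
    """Compare a build's entitlements with the gateway the server uses.
    Returns a list of findings; an empty list means they agree."""
    entitlements = plistlib.loads(entitlements_bytes)
    env = entitlements.get("aps-environment")
    if env is None:
        return ["no aps-environment entitlement: "
                "the build cannot register for push"]
    findings = []
    expected = GATEWAYS.get(env)
    if expected is None:
        findings.append(f"unknown aps-environment {env!r}")
    elif server_host != expected:
        findings.append(
            f"build is signed for {env} push but the server sends to "
            f"{server_host}; its tokens are only valid at {expected}")
    if env == "production" and entitlements.get("get-task-allow"):
        findings.append("get-task-allow is true on a production-push build")
    return findings


# Constructed entitlements in the shape of the plist shown in the question.
SAMPLE_ENTITLEMENTS = plistlib.dumps({
    "application-identifier": "XXXXXX",
    "aps-environment": "production",
    "get-task-allow": False,
})

if __name__ == "__main__":
    for host in GATEWAYS.values():
        print(host, check_push_setup(SAMPLE_ENTITLEMENTS, host))
```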

iOS 7 programmatically per app VPN

I'm developing an iOS 7 app and I would like to know if the feature "Per app VPN" is activated "by hand" (like location services, where you can choose which app can and can't) or if I can set it up by code inside the app?
Looking around the web I found very little info about it, and Apple's announcement did not make it any clearer either... I was hoping to prompt the user for the VPN configuration when he first opens the app, and then, when he is "outside" the internal Wi-Fi, I would automatically activate it...
Information is still somewhat sketchy, but from what I can tell so far it's something the VPN vendors will need to support, and it will be enabled using configuration profiles, e.g. via MDM. In the profile you'll define your VPN configuration like you can do today, and additionally you'll specify which apps use which VPN configs. Apps won't need to be modified at all, nor (I assume) even be aware they're being tunneled. I don't know yet if they'll allow users to configure this on their own, without a config profile. I don't see why not, other than maybe wanting to insulate common users from "enterprisey" features.
I expect Apple will release a new version of the iPhone Configuration Utility or Apple Configurator that will allow you to set all of this up. If you have access to their developer site there's information about the XML keys in the config profile that turn it on, so you could probably craft a profile on your own without the tool, but without VPN vendor support there's not much you'll be able to do. I don't know if any of the built-in VPNs currently support it.
*Note: This is an example custom payload. It needs to be modified to match your VPN configuration and is supported by some VPN providers. This example is using a Connection Type of L2TP. The new keys for Per-App VPN are the VPNUUID and OnDemandMatchAppEnabled.
<dict>
<key>PayloadDescription</key>
<string>Configures VPN settings, including authentication.</string>
<key>PayloadDisplayName</key>
<string>VPN (VPN Configuration)</string>
<key>PayloadIdentifier</key>
<string>126b636d-38ce-4bb1-a211-5239e60bd4ab</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.vpn.managed.applayer</string>
<key>PayloadUUID</key>
<string>63e3f54a-e8bd-45fd-af18-5aadfed9dc9d</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>UserDefinedName</key>
<string>VPN Configuration #12345</string>
<key>VPNUUID</key>
<string>b78ee624-442d-4997-a77f-dc8245109716</string>
<key>OnDemandMatchAppEnabled</key>
<string>True</string>
<key>VPNType</key>
<string>L2TP</string>
<key>EAP</key>
<dict />
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>0</integer>
</dict>
<key>PPP</key>
<dict>
<key>CommRemoteAddress</key>
<string>ExampleServerHostname</string>
<key>CCPEnabled</key>
<integer>1</integer>
</dict>
<key>Proxies</key>
<dict />
</dict>
More information is available at: https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html

Xcode 4.5 - Wirelessly build app on my device

So recently my iPhone 4 decided to stop working and I can no longer connect it to my Mac or PC with a USB (it'll only charge if I connect it to a USB that's in a wall outlet and I have to push the 30 pin connector upwards while inserting) but that's another issue.
The problem is that I can no longer build and test my app on my device.
I have my device set up with iTunes so I can do a wireless sync. So other than testing my apps on my device the phone is still 100% usable.
I was reading this other post Xcode 4.2 Support Wirelessly Connected Devices that seems to be talking about wirelessly building apps onto devices. But they also say it was removed in Xcode 4.3.1.
I've never actually used this feature in previous Xcodes so I'm not sure if that's what they were actually for/if they worked well or what not.
Basically I'm asking if anyone knows a way to build my apps wirelessly to my device.
I guess I could make an AdHoc release, put the app file in my iTunes and sync my device there, but at that point I would rather just borrow a friend's device to test on.
You can certainly do this. Make your own app store :)
First, build your app to an archive (.IPA) file. Next, export your project PLIST file.
This should look something like this:
<plist version="1.0">
<dict>
<key>items</key>
<array>
<dict>
<key>assets</key>
<array>
<dict>
<key>kind</key>
<string>software-package</string>
<key>url</key>
<string>[URL]</string>
</dict>
</array>
<key>metadata</key>
<dict>
<key>bundle-identifier</key>
<string>com.usaa.FileTransfer</string>
<key>bundle-version</key>
<string>2.21</string>
<key>kind</key>
<string>software</string>
<key>title</key>
<string>File Transfer</string>
</dict>
</dict>
</array>
</dict>
</plist>
Finally:
Ensure that the string entry for [URL] contains the correct path to your archive (IPA).
Create a small HTML page with a download link to that plist file. (see below) Be sure to include the mime-types below!
Navigate to that download link via your iPhone and install!
<a href="itms-services://?action=download-manifest&url=YOURURLGOESHERE">Download App</a>
MIME Types
application/octet-stream ipa
text/xml plist
If you try to navigate on anything other than an iPhone you will get an error about the itms protocol not being recognized. You can test this out on your desktop by right clicking the link and selecting copy shortcut. Paste into the browser's URL bar, and remove everything except your plist URL location. This should kick off a download in your browser and you should receive the ipa file (which you can uncompress and check out).
Find more info here!
