I've been struggling to find how I could potentially implement a simple (iOS) app that would be able to block all connections to a specific domain (to prevent the user from accessing a specific social media platform for example, even from another app).
The information that I have found so far is that I should probably create a Packet Tunnel Provider within a Network Extension and ask the user to add VPN configurations, but I haven't found any example code that would show exactly how to implement this.
Do you have any idea how I could do that in a simple way (block all connections to a specific domain)? Is there a framework/library that I could use to do it easily?
Thank you!
Well, it would not be easy, but you can do it.
Sample code from Apple could be found here and here. This project is for iOS, but it may be on deprecated Swift version, so you will need to do some work to launch it now.
The part you are interested in the SimpleTunnel sample is FilterDataProvider and FilterControlProvider, other things you can omit, because the purpose of this sample is to demonstrate a lot of abilities.
There is also a sample for macOS that is more focused on your needs, and macOS SDK is alike to iOS, but less powerful.
You may want to see this video to sort things up in mind.
There are a lot of firewalls solutions for ios and mac, and some of them are opensource
The part you are interested in the SimpleTunnel sample is FilterDataProvider and FilterControlProvider, other things you can omit, because the purpose of this sample is to demonstrate a lot of abilities.
You will need a developer account, a network extension capability assigned to an application identity, and proper network extension entitlement file a to run things up.
There is a way to sign it manually for development without account&capability, but to distribute you will need it anyway.
For some restrictions you may be needed to install MDM profile on the device.
Related
I am looking to implement firewall/network filtering functionalities for macOS.
I am looking at the most secure way to do this, i.e. trying to make sure no network traffic is missed, and that my filtering cannot easily be by-passed.
After searching around, I can see that Apple has deprecated Network Kernel Extension. They recommend now to use the Network Extension framework.
However, I can see that firewalls for mac, for example Lulu and Little Snitch have moved to using Kernel Extension, and not the Network Extension framework.
Is there a good reason to do so? Do Kernel Extension allow a deeper, more secure filtering?
for example Lulu and Little Snitch have moved to using Kernel Extension
I can't speak for Lulu, but Little Snitch at least was developed long before the "Network Extension" API was introduced, it certainly didn't "move to" the NKE API. According to an article on their own blog it looks like they're actively investigating moving to Network Extensions. I suspect that as long as NKEs work without restrictions on all macOS versions they support, they'll keep using those, in order not to have to ship different back-ends simultaneously. But they probably have some kind of internal prototype using the newer APIs already to make sure they're prepared for when NKE APIs are finally removed from the OS.
If Network Extensions support your use case, you should probably go with them. If they don't, you should file Enhancement Requests with Apple, or you will be out of options when NKEs stop working.
Edit: To deploy NKEs, you will essentially need a kext signing certificate (Developer ID Application + Kext) if you don't already have one. The alternative is forcing your users to disable SIP's kext signing requirement, which is neither sensible nor reasonable in most cases. I hear Apple has made it much harder to obtain such a certificate in recent years.
Is it possible to create an API inside an iOS app to let 3rd party developers create app add-on that are downloadable for users inside the app?
I could not find any ressources for this topic online.
I think that's going to go against the app store guidelines if your intention is that the 3rd party developers write code, which will be downloaded and executed.
There's something of a grey area between legitimate uses and illegitimate uses of downloaded code:
Legitimate Example 1: Something like Hopscotch where children are creating simple fun shared games. These can be considered user generated content.
Legitimate Example 2: A game which is driven by scripts allows for the run-time downloading of patches to fix bugs in the scripts or even to add new levels. I believe such usages have been rejected occasionally in the past, but are generally accepted these days.
The relevant guideline from the guidelines is (emphasis mine):
2.5.2 Apps should be self-contained in their bundles, and may not read or write data outside the designated container area, nor may they download, install, or execute code, including other iOS, watchOS, Mac OS X, or tvOS apps.
And the all-encompassing:
We will reject apps for any content or behavior that we believe is over the line. What line, you ask? Well, as a Supreme Court Justice once said, "I'll know it when I see it". And we think that you will also know it when you cross it.
If your idea is to create some sort of app-store within your app-store app, then I would abandon it immediately, because that's going to be way over Apple's line.
That said, you haven't given much detail about your app, so I might have made wrong assumptions about where you're thinking of going.
If I wanted to build a real time chat app for iOS using Objective-C, what would be the best way of going about it?
Assuming you've got your server side things setup, you can use Square's Socket Rocket to implement the client side https://github.com/square/SocketRocket
If you're using socket.io at the backend, there are plenty of iOS libraries available for those as well. SIOSocket is one such library.
Maybe I am just lazy, but I do not see a point in building it all from scratch.
There are a plenty of backend providers who will be happy to provide you with ready backend and a library for building your app.
So, you'll just need to connect the solution to your project and make UI according to your needs.
Here are some backend providers you might consider:
ConnectyCube
Firebase
Sendbird
Layer
etc.
They provide different set of features, so I'd recommend checking those they provide first.
This article might be of some help as well.
Some of them like ConnectyCube can provide you also with development services, so you can order UI development according to your mockup design from them too.
I am a developer working on a robotics application for iOS. I do not intend to submit this app to the app store, nor do I have any wish for suggested methods to be apple approved....
I am trying to get bluetooth working, and I think a good place to start is to try modifying the existing apple frameworks. Is it possible for me to modify the frameworks so that when they are built to my iOS device the frameworks will be modified for the app (but not other apps on the same device)?
As a matter of fact, you can!
Objective-C allows you to "swizzle" methods to override their default behavior, and yet still call the original implementation if you want to. You can do this for any number of Objective-C methods, as many times as you want.
If you wish to override behavior that is present in C functions, you will need a little bit more control over the platform. Jailbreaking allows you to use the full power of Jay Freeman's CydiaSubstrate to hook or swizzle both Objective-C methods and C/C++ functions.
While I don't recommend the use of MethodSwizzle per se, the following URL has a good discussion of swizzling http://cocoadev.com/wiki/MethodSwizzling.
But you should really use CydiaSubstrate's MSHookMessageEx and MSHookFunction instead. Especially since you're not submitting anything to the App Store.
Now regarding Bluetooth, I've done extensive work in this field (I developed Celeste, which is a systemwide tweak providing vanilla Bluetooth OBEX support to system apps on iOS). I suggest you look into using something like BTstack, which provides you with access to the bluetooth module from the HCI to RFCOMM levels, and supports things such as SDP and pairing, which you will probably need. It also has the added benefit of not requiring method swizzling, which some people seem to think is some sort of satanic ritual that should be avoided at all costs.
Aside from categories (which extend the functionality of base classes delivered in those frameworks), I don't believe you can "modify" the existing Apple frameworks per se. A better course of action might be to simply create your own framework (or find somebody else's open source, commercial or simply third party framework) and then build that framework into the app that you install onto the iOS devices you want to work with.
I have this idea of writing an application to automatically sync files to a specific place for an ipad every time the ipad is plugged in the computer.
The problem is I've never developed a software like this before. Right now I have these two big questions:
- How to detect when an ipad is plugged in the computer?
- How to connect to and copy files over the ipad?
To make things clear, the application I want to develop should have similar functions like iTools (not iTunes).
Does anyone here have experiences in developing this kind of application? Would you please share with me how to start with this project, because I'm clueless :(
There is a rather simple option; use a internet based service to accomplish this task - just as DropBox, iCloud and similar services do it already. Maybe you can get a lot closer to your goals by simply connecting to the API of DropBox, SugarSync or alike.
Using a direct (USB-) connection to the device will be rather tough to implement and, to my knowledge, will prevent you from selling the resulting software through Apple's channels. I am not saying that it was impossible (see iExplorer) but I am saying that such endeavor will involve a lot of reverse engineering of undocumented functions to a degree that might be considered illegal in certain countries. Additionally, maintaining such software will be very demanding as Apple frequently introduces changes within their communication protocol/s.