Is it possible to stop traffic from specific iOS ports using MDM - iOS

Is there any way to block the use of certain ports from within an iOS MDM like Jamf? Say that you wanted to stop VPNs from being allowed? Short of blocking every downloadable VPN from the App Store, is there a way to prevent users from using these specific ports on their iOS devices without closing off ports via a firewall?
Originally I was thinking about an apple app store keyword based block, but the Jamf MDM doesn't allow this.

Related

iOS/Swift: Quick & dirty way to send a notification to another device?

I'm trying to write a super-simple iOS app, just for personal use (i.e. it doesn't need to conform to any App Store stuff). I want it to do the following. Assume it's installed on two devices, both of which I own/control.
On device 1, it has a button that, when pressed, will immediately cause a notification to pop up on device 2.
I'm fine with hardcoding specific Apple IDs, device IDs, whatever; it's also fine if this only works when the two devices are on the same LAN/Wi-Fi. All I want is for the above to work, in the easiest way possible, and preferably without needing anything to run on a server anywhere.
How simply can this be implemented? I've set up a whole push-notification system once before, but that required some server-side stuff. Hoping to be able to do this without any of that.
====
Update: realized I wasn't clear in the original post that I need the notification on Device 2 to pop up whether or not the app is currently open/running on that device.
I think that what you are searching for is the Multipeer Connectivity framework.
The Multipeer Connectivity framework supports the discovery of services provided by nearby devices and supports communicating with those services through message-based data, streaming data, and resources (such as files). In iOS, the framework uses infrastructure Wi-Fi networks, peer-to-peer Wi-Fi, and Bluetooth personal area networks for the underlying transport. In macOS and tvOS, it uses infrastructure Wi-Fi, peer-to-peer Wi-Fi, and Ethernet.
source: https://developer.apple.com/documentation/multipeerconnectivity.
You can also check those tutorials:
https://www.ralfebert.com/ios-app-development/multipeer-connectivity/
https://www.hackingwithswift.com/example-code/networking/how-to-create-a-peer-to-peer-network-using-the-multipeer-connectivity-framework
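As an added illustration of the Multipeer Connectivity approach suggested in this answer (example code written for this page, not taken from the answer or from Apple's samples), the class below runs on both devices: each one advertises and browses for a hypothetical service type "example-ping", the pair connects over an encrypted session, and a string sent from device 1 is shown as a local notification banner on device 2. The service type, the Info.plist keys named in the comments and the auto-accept policy are assumptions for a two-device, single-owner setup.

```swift
import UIKit
import MultipeerConnectivity
import UserNotifications

// Added example, not code from the original answer. Assumes a hypothetical service type
// "example-ping" and, on iOS 14+, NSLocalNetworkUsageDescription plus NSBonjourServices
// entries ("_example-ping._tcp", "_example-ping._udp") in Info.plist so discovery is allowed.
final class PingPeer: NSObject, MCSessionDelegate,
                      MCNearbyServiceAdvertiserDelegate, MCNearbyServiceBrowserDelegate {
    private let serviceType = "example-ping"
    private let peerID = MCPeerID(displayName: UIDevice.current.name)
    private lazy var session: MCSession = {
        // .required: the link is encrypted. To also pin peer identity, pass a securityIdentity
        // and validate it in session(_:didReceiveCertificate:fromPeer:certificateHandler:).
        let s = MCSession(peer: peerID, securityIdentity: nil, encryptionPreference: .required)
        s.delegate = self
        return s
    }()
    private lazy var advertiser = MCNearbyServiceAdvertiser(peer: peerID, discoveryInfo: nil,
                                                            serviceType: serviceType)
    private lazy var browser = MCNearbyServiceBrowser(peer: peerID, serviceType: serviceType)

    func start() {
        advertiser.delegate = self
        browser.delegate = self
        advertiser.startAdvertisingPeer()
        browser.startBrowsingForPeers()
        UNUserNotificationCenter.current().requestAuthorization(options: [.alert, .sound]) { _, _ in }
    }

    func stop() {
        advertiser.stopAdvertisingPeer()
        browser.stopBrowsingForPeers()
        session.disconnect()
    }

    /// Device 1's button handler: deliver a short text to every connected peer.
    func ping(_ text: String) throws {
        guard !session.connectedPeers.isEmpty else { return }
        try session.send(Data(text.utf8), toPeers: session.connectedPeers, with: .reliable)
    }

    /// Device 2 side: surface the received text as a local notification banner.
    private func notify(_ text: String, from peer: MCPeerID) {
        let content = UNMutableNotificationContent()
        content.title = "Ping from \(peer.displayName)"
        content.body = text
        let request = UNNotificationRequest(identifier: UUID().uuidString, content: content, trigger: nil)
        UNUserNotificationCenter.current().add(request)
    }

    // MARK: MCNearbyServiceAdvertiserDelegate
    func advertiser(_ advertiser: MCNearbyServiceAdvertiser, didReceiveInvitationFromPeer peerID: MCPeerID,
                    withContext context: Data?, invitationHandler: @escaping (Bool, MCSession?) -> Void) {
        // Auto-accept is acceptable only because both devices belong to the same owner;
        // anything else should prompt the user or check `context` against a known value.
        invitationHandler(true, session)
    }

    // MARK: MCNearbyServiceBrowserDelegate
    func browser(_ browser: MCNearbyServiceBrowser, foundPeer peerID: MCPeerID,
                 withDiscoveryInfo info: [String: String]?) {
        // Tie-break so the two devices do not invite each other simultaneously.
        guard self.peerID.displayName <= peerID.displayName else { return }
        browser.invitePeer(peerID, to: session, withContext: nil, timeout: 10)
    }
    func browser(_ browser: MCNearbyServiceBrowser, lostPeer peerID: MCPeerID) {}

    // MARK: MCSessionDelegate
    func session(_ session: MCSession, peer peerID: MCPeerID, didChange state: MCSessionState) {}
    func session(_ session: MCSession, didReceive data: Data, fromPeer peerID: MCPeerID) {
        notify(String(decoding: data, as: UTF8.self), from: peerID)
    }
    func session(_ session: MCSession, didReceive stream: InputStream, withName streamName: String,
                 fromPeer peerID: MCPeerID) {}
    func session(_ session: MCSession, didStartReceivingResourceWithName resourceName: String,
                 fromPeer peerID: MCPeerID, with progress: Progress) {}
    func session(_ session: MCSession, didFinishReceivingResourceWithName resourceName: String,
                 fromPeer peerID: MCPeerID, at localURL: URL?, withError error: Error?) {}
}
```

Keep one `PingPeer` instance alive per app, call `start()` at launch and `ping("hello")` from the button. The session only exists while the app on device 2 is running, so this does not cover the poster's later requirement that the notification arrive when the app is not open; that is the gap the APNs-based answer further down addresses.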
Send sms to port is a way (the protocol will become SMS): https://developer.apple.com/documentation/foundation/nsportmessage
Maybe Firebase Remote Config can also help you: the app can fetch your data (key-value pairs) from Remote Config, and you can modify that data whenever you want:
https://www.raywenderlich.com/17323848-firebase-remote-config-tutorial-for-ios
https://firebase.google.com/docs/remote-config/get-started?platform=ios
I have similar requirements, and it seems like APNS (Apple Push Notification Service) is required for this because it's one of the only ways to 'activate' an application that is in the background.
As a result, the question is how to make APNS as painless as possible? It seems like combining Firebase Cloud Messaging (FCM) (to manage APNS / sending messages) and Firebase Functions (to help manage FCM's server-side requirements) is one decent option.

iOS: Some apps seem to bypass NEPacketTunnelProvider. How to enforce it?

I am working on a NetworkExtension which uses the NEPacketTunnelProvider to provide a VPN-like tunnel so I can modify the traffic.
This works great for basically all the apps I tried so far, but Facebook Messenger seems to be able to ignore it. I first see that the traffic goes through the tunnel, should be blocked (for testing), but then the messages are successfully sent anyway.
To me this suggests that Messenger first goes through the tunnel and when that does not work, it has some kind of fallback. This happens whether I am on Wifi or cellular data. At first I thought that it may somehow fallback to cellular when WiFi does not work, but even when I disable cellular on the iOS level, Messenger still works when the tunnel is active.
I tried getting all the system routes (meaning the IPs and masks) and manually setting them to includedRoutes on the NEIPv4Settings but this has no effect.
Does this look like the Messenger is indeed bypassing the VPN tunnel? Or maybe something else is at play?
So far I have tried basically all configuration combinations and nothing seems to affect Messenger in any way. Apps like Signal, Instagram, YouTube and others can be successfully cut off from the network with the tunnel.
EDIT: Found this on the official Apple forums: https://developer.apple.com/forums/thread/122330
Actually Facebook Messenger sends traffic to all active interfaces in iOS. It even sends traffic out through Cellular, when mobile data is disabled from settings.
EDIT 2: I tried the new iOS 14 configuration option includeAllNetworks which seems to work for Messenger but somehow messes up other apps like Signal or WhatsApp.
When I don't have this flag on, Signal works with my VPN on and I can see its traffic, but when I enable this flag Signal does not send messages nor receive them.
Apps can use low-level APIs and force traffic via some interface (using bind, for example), and go outside your VPN.
The way to enforce using the VPN is to enable the flag includeAllNetworks on your VPN configuration -
manager.protocolConfiguration!.includeAllNetworks = true
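To show where that single line sits in a complete configuration, here is an added example (written for this page, not code from the answer or from Apple): it loads the app's tunnel manager, sets includeAllNetworks on the protocol configuration, saves it and starts the tunnel. The provider bundle identifier and server address are placeholders; the on-demand rule and excludeLocalNetworks setting are choices of this example, not something the answer prescribes.

```swift
import NetworkExtension

// Added example, not code from the answer. Loads the app's existing tunnel configuration (or
// creates one), turns on includeAllNetworks (iOS 14+) so traffic from every interface is
// forced through the packet tunnel, and saves it. Bundle id and server address are placeholders.
func enforceTunnelOnAllInterfaces(completion: @escaping (Result<NETunnelProviderManager, Error>) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, loadError in
        if let loadError = loadError { completion(.failure(loadError)); return }
        let manager = managers?.first ?? NETunnelProviderManager()
        let proto = (manager.protocolConfiguration as? NETunnelProviderProtocol) ?? NETunnelProviderProtocol()
        proto.providerBundleIdentifier = "com.example.app.tunnel"   // hypothetical extension bundle id
        proto.serverAddress = "vpn.example.invalid"                  // placeholder
        // Apps that bind a socket to a specific interface (the bypass described in the answer)
        // are only covered when this is set; the question notes some apps then stop working.
        proto.includeAllNetworks = true
        // Keep printers/AirPlay on the local subnet reachable (iOS 14.2+); remove for a strict policy.
        proto.excludeLocalNetworks = true
        manager.protocolConfiguration = proto
        manager.localizedDescription = "Example enforced tunnel"
        manager.isEnabled = true
        // Reconnect automatically so enforcement does not lapse after the tunnel drops.
        manager.onDemandRules = [NEOnDemandRuleConnect()]
        manager.isOnDemandEnabled = true
        manager.saveToPreferences { saveError in
            if let saveError = saveError { completion(.failure(saveError)); return }
            // Reload after saving: the in-memory object is stale until this completes.
            manager.loadFromPreferences { reloadError in
                if let reloadError = reloadError { completion(.failure(reloadError)); return }
                completion(.success(manager))
            }
        }
    }
}

/// Start the tunnel once the configuration is saved; startVPNTunnel throws if it is disabled.
func startEnforcedTunnel() {
    enforceTunnelOnAllInterfaces { result in
        switch result {
        case .success(let manager):
            do { try manager.connection.startVPNTunnel() } catch { print("start failed: \(error)") }
        case .failure(let error):
            print("configuration failed: \(error)")
        }
    }
}
```

When testing the side effect the question reports (Signal or WhatsApp going silent), toggle only `includeAllNetworks` between runs and compare the tunnel's packet log, so that the on-demand rule and local-network exclusion are not confounding the result.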

Does Apple permit the usage of socket for communication between two iOS apps?

So basically I have two iOS apps installed on the same device, and they need to communicate by sending data to each other. I don't want to use URL scheme or Universal links as these two would open the other app in UI instead of sending message to each other in the background. Currently I have a solution of using a unix socket connection by binding one app to a specific port and have another app connect to it. This works fine but I am just wondering if Apple would allow the usage of this.
Note that these two iOS apps do not come from the same developer, so anything else that relies on App Groups would not work in this case.
Would Apple allow using a socket in this case?
Edit: One of the apps is valid to run in the background, so background execution is not a problem.
No, this is not possible simply because the application will lose network connectivity when it goes into background mode. I invite you to check the following Apple Developer Documentation page related to iOS app background modes:
Background Execution
As you can find on the page, the operating system suspends the app when it moves to the background and will then cut several resources, including network access.
There are, however, some exceptions to the rule, which are voice over IP apps. These must declare the voip background mode in the plist file to be allowed to keep network streams open in the background.
This question comes up a lot on iOS or Android and unfortunately the answer so far is no, we can do TCP client / server communication between apps.
It is totally doable as long as one of your apps has permission to run in the background. One such example is music apps. Spotify does the same thing with their "app-remote" SDK.
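The poster's loopback-port approach, written out as an added example for this page (not code from the question or either answer): app A listens on a TCP port bound to 127.0.0.1 and app B connects to it. The point a practitioner should not miss is that every process on the device can reach that port, so the frames carry an HMAC-SHA256 tag under a secret both apps share; unauthenticated frames are dropped. The port number and secret are constructed placeholders, and as the answers note, the listening app must be running (foreground or an allowed background mode) for this to work.

```swift
import Foundation
import Network
import CryptoKit

// Added example, not code from the question or answers. The secret and port are placeholders;
// the secret has to be provisioned to both apps out of band.
let sharedSecret = SymmetricKey(data: Data("replace-with-a-real-32-byte-secret".utf8)) // placeholder
let loopbackPort: NWEndpoint.Port = 48321                                             // constructed
let loopbackEndpoint = NWEndpoint.hostPort(host: "127.0.0.1", port: loopbackPort)

/// Frame layout: 32-byte HMAC-SHA256 tag || payload.
func seal(_ payload: Data) -> Data {
    Data(HMAC<SHA256>.authenticationCode(for: payload, using: sharedSecret)) + payload
}

/// Returns the payload only if the tag verifies; CryptoKit compares tags in constant time.
func unseal(_ frame: Data) -> Data? {
    guard frame.count >= 32 else { return nil }
    let tag = frame.prefix(32), payload = frame.dropFirst(32)
    return HMAC<SHA256>.isValidAuthenticationCode(tag, authenticating: payload, using: sharedSecret)
        ? Data(payload) : nil
}

/// App A: listen on loopback only and pass each verified payload to `handler`.
final class LoopbackServer {
    private let listener: NWListener
    private let queue = DispatchQueue(label: "loopback.server")

    init(handler: @escaping (Data) -> Void) throws {
        let params = NWParameters.tcp
        params.requiredLocalEndpoint = loopbackEndpoint   // bind 127.0.0.1, never 0.0.0.0
        params.requiredInterfaceType = .loopback          // refuse Wi-Fi/cellular interfaces
        listener = try NWListener(using: params)
        listener.newConnectionHandler = { [queue] conn in
            var buffer = Data()
            // One frame per connection: read until the peer closes its write side.
            func readMore() {
                conn.receive(minimumIncompleteLength: 1, maximumLength: 64 * 1024) { chunk, _, isComplete, error in
                    if let chunk = chunk { buffer.append(chunk) }
                    if isComplete || error != nil {
                        if let payload = unseal(buffer) { handler(payload) }   // unauthenticated frames are dropped
                        conn.cancel()
                    } else {
                        readMore()
                    }
                }
            }
            conn.start(queue: queue)
            readMore()
        }
    }

    func start() { listener.start(queue: queue) }
    func stop() { listener.cancel() }
}

/// App B: send one authenticated frame, then close the connection.
func sendToLocalApp(_ payload: Data, completion: @escaping (Error?) -> Void) {
    let conn = NWConnection(to: loopbackEndpoint, using: .tcp)
    conn.stateUpdateHandler = { state in
        if case .failed(let error) = state { completion(error) }
    }
    conn.start(queue: .global())
    conn.send(content: seal(payload), contentContext: .finalMessage, isComplete: true,
              completion: .contentProcessed { error in
                  completion(error)
                  conn.cancel()
              })
}
```

The HMAC only proves a frame came from something holding the secret; it does not hide the payload from another app sniffing the loopback port is not possible on iOS, but a shared secret embedded in a shipped binary can be extracted, so treat this as integrity for cooperating apps rather than a substitute for the App Group entitlement check the platform gives same-developer apps.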

Is Inter Process Communication possible between iOS applications using Sockets?

I have gone through a lot of articles on the internet and most say that iOS applications allow IPC using protocol handlers (URL Schemes). But can't we achieve IPC using sockets, if one application opens a port and the other tries to connect to it?
iOS 8 introduced IPC support by exposing mach ports for so-called "application groups". Check out this great tutorial:
http://ddeville.me/2015/02/interprocess-communication-on-ios-with-mach-messages/
It requires a bit of setup (to define application groups in the dev portal, generate proper entitlements, etc.) but is not really so difficult and Xcode 6 does most of the job automatically (just enable "App Groups" in the general capabilities section).
I can confirm, it works (I was able to create 2 apps sending messages to each other).
On iOS 7 there is no official support for IPC, but if you do not plan to upload your app to the App Store, you could try to exploit inter-app audio communication to achieve this.
Check out Apple's code sample, which demonstrates an inter-app sound data stream between 3 apps:
https://developer.apple.com/library/ios/samplecode/InterAppAudioSuite/Introduction/Intro.html
Associated WWDC video:
https://developer.apple.com/wwdc/videos/#602
I haven't tried to exploit it for non-audio usage but can't see the reason why it shouldn't work. The data rate is great, and sound data are just bytes and do not have to be redirected to the speaker, but can be interpreted however you like.
Of course, it will be rejected in App Store review, but it is still fine for enterprise or own usage.
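The App Group mach-port mechanism this answer refers to, as an added example for this page (not code from the linked tutorial): a CFMessagePort whose name is prefixed with the shared app group identifier is registered by the receiving app and looked up by name from the sending app. The app group "group.com.example.shared" is hypothetical; both apps must carry it in their entitlements, which is also the access control here: an app outside the group cannot resolve the port, unlike a loopback TCP port that any process can connect to.

```swift
import Foundation

// Added example, not code from the linked tutorial. Assumes the hypothetical app group
// "group.com.example.shared" in both apps' entitlements; the port name must carry that prefix.
let portName = "group.com.example.shared.ping" as CFString

/// Wraps the Swift handler so it can travel through the C callback's `info` pointer.
private final class HandlerBox {
    let handler: (Data) -> Void
    init(_ handler: @escaping (Data) -> Void) { self.handler = handler }
}

/// Receiving app: create the local port and schedule it on the main run loop.
/// Keep the returned port alive for as long as messages should be accepted.
func startMessagePortReceiver(handler: @escaping (Data) -> Void) -> CFMessagePort? {
    let box = Unmanaged.passRetained(HandlerBox(handler))   // balanced by the release callback
    var context = CFMessagePortContext(
        version: 0, info: box.toOpaque(), retain: nil,
        release: { info in Unmanaged<HandlerBox>.fromOpaque(info!).release() },
        copyDescription: nil)
    // C function pointer: cannot capture Swift state, hence the info pointer round trip.
    let callback: CFMessagePortCallBack = { _, _, data, info in
        guard let info = info, let data = data else { return nil }
        Unmanaged<HandlerBox>.fromOpaque(info).takeUnretainedValue().handler(Data(referencing: data as NSData))
        return nil   // no reply payload
    }
    guard let port = CFMessagePortCreateLocal(nil, portName, callback, &context, nil) else {
        box.release()   // name already taken or sandbox refused it
        return nil
    }
    let source = CFMessagePortCreateRunLoopSource(nil, port, 0)
    CFRunLoopAddSource(CFRunLoopGetMain(), source, .commonModes)
    return port
}

/// Sending app: resolve the port by name and deliver one message, waiting up to `timeout`.
/// Returns false when the receiver is not running or the caller is outside the app group.
func sendMessagePort(_ payload: Data, timeout: CFTimeInterval = 1.0) -> Bool {
    guard let remote = CFMessagePortCreateRemote(nil, portName) else { return false }
    let status = CFMessagePortSendRequest(remote, 0, payload as CFData, timeout, timeout, nil, nil)
    return status == kCFMessagePortSuccess
}
```

The receiver has to be alive (foreground, or a permitted background mode) at the moment of the send; `CFMessagePortCreateRemote` returning nil is the normal signal that it is not, so callers should fall back gracefully rather than retry in a tight loop.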
No, it is not, for several reasons. 1) Apple does not allow this internally and has security layers to prevent this. 2) Applications fire applicationDid/WillEnterBackground after a short delay, at which point the way you can interact with it plummets.
If you really want to send data between applications, set up a server with certs to match your app so you can use APN (apple push notifications) to send data in silent pushes to applications. Then, set up endpoints on the server that trigger those sends, and have apps consume the API that the server exposes.

Connecting to a special wi-fi network via iPhone App

I have to build an app that connects to a special Wi-Fi network and then opens an IP address that is only available within the network.
Is it possible to connect to a special Wi-Fi network (say "Network XYZ") via an iPhone app? If so, please let me know, so that I have an idea how to solve this.
Sadly no. Not from within the app.
All you can do is instruct user to go to settings and connect to that network.
If the iPhone was not registered to any Wi-Fi network before entering your app and your app has the usesWiFi key set to YES, then the user will get a list of available networks to choose from.
One more big problem is: there are no ad hoc networks on this list - only infrastructure networks. Ad hoc networks are available only through Settings.
What you could do is to instruct your user to set the auto-join feature on for desired network.
I'm afraid the only way to change the network is via the Settings application. Otherwise, rogue apps might be able to move users to their own proxies without the user knowing.
It may be possible on jailbroken devices, however, as you would no longer be confined to working within the usual app restrictions on accessing system-level settings.
You can have your app launch once the user connects to the SSID you specify using the CaptiveNetwork API.
