I've seen a few other posts about creating parental controls using MDM Profiles to prevent other devices from opening certain apps:
How to do Parent Control App in iOS?
Is it possible to write a parental control app for iOS?
https://kidslox.com/
Would it be possible to use this method to allows the user to prevent access to their own apps on their own device?
In these systems, the devices are managed by an MDM server which pushes profiles to enrolled devices.
There is no "parent" or "child" concept in MDM itself, just devices which have profiles assigned. So you could place restrictions on any device, even if it was associated with a "parent", as the management comes from the MDM server, not the device.
However, a "parent" likely has the passwords needed to remove the profile from their device or change the profile associated with their device in the MDM console, so I am not sure how effective this would ultimately be.
If what you are asking is if you can externally lock certain apps on a device, then you would most likely need the apps of which you are locking to have some sort of support for the parental controls app. Something like external whitelisting of Apple ID's.
This is because as of iOS 10, the structure of the system doesn't allow one app tamper with another, unless permissions are given, which makes sense. Nobody wants their app to be tampered with by a random person.
To put it bluntly, in theory, this is possible, but only if the app that the person wants to lock gives permission. Other apps wouldn't work.
Related
I've written an enterprise iPhone app for the field workers in our company, and the powers-that-be are considering offering it to some of our client companies as a freebie for their field workers to use. I assume that Apple would not allow enterprise distribution to users who are not company employees, so I would have to place it on the App Store.
However, we would like to restrict the user base to approved users or companies, so I would like to avoid making it available to just anyone. The app does communicate with our servers, which makes it something of a risk, in my opinion, of hacking; we'd certainly like to avoid that.
I'm wondering if there is a way to restrict App Store downloads only to certain users or companies? Or is there an alternative method to prevent just anyone from downloading and using the app?
Posting as answer, as per the OP...
For your case, you probably want to look at Business-to-Business distribution: https://developer.apple.com/programs/volume/b2b/
You could use the new "DeviceCheck APIs" that is release in iOS11
Using the DeviceCheck APIs, in combination with server-to-server APIs,
you can set and query two bits of data per device, while maintaining
user privacy. You might use this data to identify devices that have
already taken advantage of a promotional offer that you provide, or to
flag a device that you've determined to be fraudulent. The DeviceCheck
APIs also let you verify that the token you receive comes from an
authentic Apple device on which your app has been downloaded.
https://developer.apple.com/documentation/devicecheck
I want to get some unique identifier to allow specific devices to accessing my API, but looking on internet there's no way to get it and it's against Apple Policy,
But I need to get one of unique ID (e.g IMEI, UDID, ICCID, MEID, ETC)
looking on react-native-device-info, it just have getUniqueID() that can changed
This is IDFV on iOS so it will change if all apps from the current apps vendor have been previously uninstalled.
How can I get a unique ID ios devices?
FYI: My app won't be release into AppStore
There are major privacy concerns when getting a unique ID from a device. You have a few options.
First, you could just add some form of authentication or login system. This could be per device, per user, or even 1 login for the entire API. You could also limit the API to only respond to certain controlled IP addresses.
Second, you could add a flag and have a different version for production then in development. Limiting access that way.
Third, on first launch of your app you could request a new token from your server. The device would then store that token and the server would as well (to ensure no duplicates). Then just take that stored token and send it to the server for every request.
But on the device level there are privacy concerns in unique IDs for each device. You have to build your own system to handle it depending on your needs.
I would suggest that the IDFV was designed to suit your needs, while maintaining some level of privacy.
It is supposed to allow you (a vendor) to identify a return visit while not allowing you (a vendor) to share a user's identity with a third party in a relatable way for the third party to data-mine.
If users are routinely uninstalling and re-installing all of your apps I would look at solving the distribution issue you have there. I would assume (although haven't tested) that an update of an existing app would maintain the IDFV.
As you have understood from the question's title, I would like to know, how to identify iOS device across multiple apps. Advertising identifier and identifier for vendor is not an option for me, as apps may not have AdSupport framework included, and they may not have similar vendors. MAC address of the device is also deprecated. Any working solution on this? Thanks in advance!
This functionality is explicitly disallowed by Apple. Any workaround you come up with will violate Apple's stated goal of preventing it (so you would obviously risk appstore rejection even if it "works"). You are not allowed to track devices. You are only allowed to track the vendor ID and advertising ID. Apple has steadily removed every other tool because those are the ones they intend you to use (and their limitations are intentional).
What you are allowed to do is track users by issuing them login credentials and having them log into your server. This usually works fine if the user actually wants the functionality you're providing by tracking them (for example, users don't mind logging into Facebook or Twitter). If you are tracking users or devices to achieve a goal the users don't actually want (such as targeted advertising that the user can't control, or attempts at digital rights management tied to devices), you're unlikely to find a supported or permitted solution.
If we distribute an app through an VPP account (Volume Purchase), will the user also get a badge on the AppStore Dashboard icon, if an update is available (like with the 'normal' user accounts?)
There is a comparison table of the VPP features for the three possible distribution paths "MDM User Assignment", "MDM Device Assignment" and "Redemption codes".
The way I understand the table is that automatic updates through the App Store are available if you distribute via redemption codes OR assign the app via MDM directly to the user / Apple ID.
Only if you assign it via MDM directly to a device (no Apple ID required), it will not have a connection to the store and therefore not provide any automatic updates. However, if you have the MDM in place, you push updates through that anyway.
Yes! After about a day — I’m not sure whether it was closer to 24 or 36 hours — every user either got auto-updated or got the badge. It just took a lot longer than you’d think. Thanks for asking — I got the email letting me know to respond or I wouldn’t have remembered to.
I work for a company that makes kiosk applications. We currently use custom windows tablets for our kiosks, but we're planning to move to using an iPad for all our kiosk apps. We need to have one single app on the app store and the workflow that we show is customized based on client. We identify which client a request is coming from by the iPad's device identifier (udid). We associate this internally with a workflow on the server side and return the appropriate workflow.
So, to recap, we need to create workflows for each single iPad and the iPads are identified by deviceId. A valid workflow is needed by the device to start functioning. Ignoring that the UDID API has been deprecated for a minute, My question then is, does Apple allow this kind of deployment if we publish the app to the App Store?
Another alternate approach we were thinking about was to build a licensing infrastructure on our side. The client would get the iPad, call us for a license key and when the key is entered correctly, we populate our database with the deviceId and a workflow automatically.
Thanks,
Teja.
I would suggest using the mac address of the ipad form the webserver
you would normally present a normal application, you will need to add normal functionality to this application, such as information about the product or the company, or about how to register or buy, you will have to add some usability to it so that apple does not reject your app as being incomplete or a demo
After that you will need to register the mac address of the iPad and authenticate it on the server, if the ipad gets authenticated, then you will present the fully functional application that the kiosk buyers will use.
Hope this will help you