I develop an enterprise app that I have installed onto a group of iOS 9.1 and 9.2 iPads.
I have trusted the profile after app installation (e.g. following the steps in this question: iOS9 Untrusted Enterprise Developer with no option to trust) and the app was working fine.
After a few days / weeks, the "Untrusted Enterprise Developer" pop up starts to appear again when the app is launched, and in Settings->General->Device Management the app shows as 'Not Verified'
Has anyone else experienced this / is there a way around it?
I'm not currently sure if there is specific steps that cause it (e.g. a specific amount of time has passed / the unit has been plugged into a Mac / etc). I'm trying to work that out at the moment.
EDIT: I've made some edits to the original question. I have now realised that the app is still trusted, but is no longer verified (I didn't realise before that there was a difference between the two).
The following screenshot is from the Device Management section on the iPad. This is taken several days after the app has been Trusted and Verified; and was working without issue.
I have raised a bug report with Apple, but have not heard back yet.
We have the same issue with several thousand iOS 9.2 iPads that have enterprise apps installed but don't have continuous internet connectivity due to spending their lives on isolated networks or in flight mode.
Our testing suggests that despite the Apple documentation at https://support.apple.com/en-gb/HT204460 saying clearly that "This developer remains trusted until you use the Delete App button to remove all apps from the developer.", this is in fact not the whole picture.
It seems the validity of the signing credentials is periodically re-validated (presumably to check for revocation) and if that re-validation fails for any reason or can't be completed, the developer reverts to its un-trusted state and the app will not launch.
Replication is tricky as it's not quite as simple as rolling the date forward more than a month but repetition of that twinned with continuous usage and relaunching the app exposes the problem. We haven't yet found a mechanism to force this re-validation on demand. Both iTunes and MDM installed .ipa files display this behavior. The manual trust within the UI and the implicit trust given by pre-installed certificates seemingly work the same way behind the scenes.
We're about to start testing the behavior on the new betas but that conversation can't be continued here.
We are experiencing exactly the same problem....very frustrating indeed.
I work for a company with 10,000 + iPads deployed through a popular MDM platform, since roughly November 2015 an increasing number of our iPads have been displaying this message when a user attempts to open any of our internal apps. We advise a workaround, which works for roughly 24 hours. After this time, the message reappears.
Our iPads are connected to our own secure corp wifi, this network is unable to communicate with apple due to apple.com being block on our firewall. Pre November, when an untrusted developer message appeared, we would advise the user to connect the iPad with an open network, close the app and re-open. The app would open and the message would not longer appear.
I have since discovered, the iPad needed to communicate with a specific apple url to authenticate or renew the developer operational certificate, this url is ppq.apple.com. Currently this url is down which means the server that authenticates certificates is offline, hence the repeat occurence of the untrusted developer message.
Related
I have an app that was deployed on the app store in June 2019 and it hasn't been changed since then and has been working fine. Right now though, when you try to open the app, it just flickers and crashes (no error), but when I open it in simulator to debug it works just fine.
Can someone suggest some things I can research to get an idea of what could be causing this issue? I have gotten a new mac since the app was deployed to the app store and I just searched and found an email from apple with the subject "Action Needed: iOS Distribution Certificate Expires in 30 Days" on 3/21 which may be related. I have to confess I am very confused by the whole certificate process and when I saw that email I thought it only affected future apps not ones that were already deployed and on user's phones.
It is a simple app that crowd sources a photo collection and displays it in a slide show (https://apps.apple.com/us/app/big-day-of/id1460532495). I haven't made any updates or changes because the app was working and the fact that it works in simulator rules out any server side issues, so I have to assume it is something with the swift/app store connect/certificates situation?
Apple have rejected my React Native app for external beta testing because:
when reviewed on iPad running iOS 11.2.5 on Wi-Fi connected to an IPv6
network….the app launches to a white screen and no content is loaded.
After some weeks of back and forth, they’ve admitted that it was not related to IPV6, and have given me some further info:
The app’s initial React Native view controller loads with no defined
‘loadingView’ or ‘contentView’ elements. It appears that there is code
in place for Javascript updating, but as stated, we’re not seeing any
attempt at the app to reach out - it appears likely something was
disconnected between the executable and associated bundle files
between your project and the submission.
I have not seen this issue when testing on my own devices or on the iOS Simulator. Even when submitting the app to TestFlight for internal beta testers, and then installing on my iPhone via the TestFlight iOS app, it always works fine. So, I'm baffled as to why Apple sees this and I don't, and I don't really know where to start with debugging it.
Okay, case closed, I think. And it was procedural issue rather than a technical one, down to my misunderstanding of Apple's process.
I only thought I'd ever submitted my builds for External Beta review. I hadn't intended to submit it for actual inclusion in the App Store just yet. But I think that's what I must have done, and that's the version that Apple have been referring to all along. They haven't actually been looking at my subsequent builds, where the problem was fixed, as a part of this process. That's because those builds were submitted as External Beta test builds, which is a different review process.
Apple clarified this to me by sending me screen shots of the TestFlight version of the app (all good) vs the App Store submission binary (blank screen). And the penny dropped.
I'm currently developing an app for iOS using swift and I've noticed recently that after I install the app on my iPhone, it will work for some time but after a bit it just won't launch anymore and the profile under General > Profiles & Device Management > has been deleted and I have to plug my phone to my computer to re-run it.
Is there a particular reason why this would happen or is there a way around this?
Edit: I have not yet bought a developer membership, I simply wanted to know if there is a way without it.
It's because the build that you have on your phone has a limit to the amount of time that the Development profile is available on your device. It's usually up to 5 days or so, (if it's significantly shorter than that, you may have an issue) so that you can take your device home and play with it if need be and return to the office and fix any issues you find.
I'm not actually sure that there is any way to lengthen this development build time but yes that's why it won't reopen and why you'd have to re-install your application to a device to continue to test. I think it has something to do with the Apple Developers Provisioning Profiles.
Could it be because you have not bought a developer program membership? I'm pretty sure that when you install an app to your phone using the free trial membership, you get this time limit on your wildcard profile.
The "way around it" is to attach the phone to the computer and build and run on the device again.
I've come across this application today, Adblock Mobile, which installs a Profile on the users device and routes all web traffic through its secure VPN to disable/block advertisements both when surfing the web, and when using an application that implements advertisements, for example banner or interstitial ads. The majority of my applications revenue is ad based so this causes some concern for me and I'm actually surprised Apple would approve this application, as it hinders iAd from working as expected.
Is there a way to access a user's installed Profiles to check if this Profile is installed from my application?
No, it's not possible to check for existence of configuration files. Some sources:
"... if you're thinking about checking whether the profile exists and if not to install it, it's impossible (as for available documentation thus far)", October 2012, iOS - Prevent iPhone Configuration Profile from being deleted OR check to see if it's installed
Apple dev forum: How can I read the configuration profile, 2011. "Not specifically. However, iOS 7 added a bunch of enterprise integration features that might allow you to achieve the same goal via a different path.", 2013.
But you if you merely want to know whether your ads are served you can do this in another way: Simply try to load some of your ads and see if they're actually loaded and act accordingly.
This should be easy to implement. And it's all you need you only care about the fact that the ads are blocked, not in what way.
Quite a few websites do this. E.g. the Dutch tech website tweakers.net serves a message to people who block ads. And I'm sure a few iOS apps will start doing this soon as well.
Check this SO question How to detect Adblock on my website? for some ways that websites handle this.
No this is not possible due to sandbox. It would be a huge security issue if you could programmatically check or install profiles. Apple is very strict about security.
More details about the topic you can find there: iOS - Prevent iPhone Configuration Profile from being deleted OR check to see if it's installed
Retrieving data programmatically from a Configuration Profile in IOS
How Configuration Profiles Could Be Installed:
http://www.howtogeek.com/176195/why-configuration-profiles-can-be-as-dangerous-as-malware-on-iphones-and-ipads/
I'm building an in-house app that is distributed via the AirWatch app catalog. The app always runs with Guided Access enabled and all devices running it are managed by AirWatch. My questions are regarding auto-update:
Is there a way that AirWatch can force the update immediately or as soon as the device comes back online, without asking for the user's input? If so, how does the app being open affect this behavior? How does guided access being enabled affect this behavior?
Is there a link from AirWatch, perhaps an itms-services:// link, that the app can call to install the new version if a web service had indicated that it's no longer the latest version? If so, how does Guided Access being enabled affect this behavior?
Is there any other good model for remotely updating the app that will spread the update as quickly as possible and under the above conditions? The solution can be using MDM or a custom web service or both combined.
Thanks a lot for your help!!
If your devices are running iOS7 and you have your app Deployment settings set to "Auto" (as opposed to "On-Demand") the device will automatically take the update once it processes the APNs notification to do so. If the device is locked/offline it will typically check for outstanding APNs messages within a minute or so of being unlocked or coming back online.
What I don't know is since your app is in guided access mode if you're receiving a pop-up to install the new version. I've seen previously where if the app that requires an update is open iOS will prompt. What we have done to battle this is embed a check in the app that phones home to see if the app is current. If the app is NOT current the user can't do anything until they update their app.
Regarding a direct-link to the App Catalog to update the app that might get tricky with guided access enabled. Before you even try to tackle that issue understand that the app catalog webclip URL contains the UDID of the device as of AW7.1 (I think). Since the UDID is no longer programmatically accessible code-side AirWatch allows you to push the UDID upon app installation in the Deployment/Application Configuration section. You can embed {DeviceUid} into the key share on the device which will make it accessible for that applciation, hence allowing you to create the appropriate App Store URL within your app.
Good luck
honestly I didn't work with AirWatch. But I don't think that Apple provides a way for automatic update of ad-hoc or enterprise apps.
Well, I can describe a solution for an enterprise app I developed last year. Hope it will help you somehow.
First of all, I made it as a part of our secure website. (a little test flight)
Here's how app update works
When the app launches it sends special request to a server asking if
it is outdated and a new app version is available. (+ servers sends
url for new version installation (with itms-services://))
Then
if update is required, app fires alert with description of new
version, if user taps update, the app opens Safari where the user
is able to install a new version.
We made to different kinds of alert, optional (minor version change) and compulsory(major version change). With later variant user is unable to get rid of alert view, so he has to update the app.
You can update your internal app through the AirWatch Console and applications versioning.
I never used it but I imagine that at the end of the new version process, there is a way to push the updated app to the related devices. If the Push Mode is set to Auto, the user won't have to do anything and the app should be updated. If it is On Demand, the use will have to initiate the process from the App Catalog. From for the latest option, you have the solution to send a notification to the user.
It is also possible to retire or inactivate older versions to only keep the newest one.
If you have access to AirWatch Online Documentation, I recommend you the page Using Add Version for Applications. If you don't, contact your administrator and ask for all the pages located in Mobile Application Management -> Internal Applications and the page Using Add Version for Applications.
You should try it with a single device though ;)