Remove/check iOS passcode programmatically - ios

I'm working on the development of a "check-in" type app for my iPad repair company. I'd like to enforce that a pass code is removed so I have full access to diagnose the device. This could be either removing a passcode programmatically or just providing instructions on how to remove a passcode and refusing to allow the repair request to be submitted without ensuring it was removed by the user. Preferably, I'd like to be able to do this in Swift but Obj-C is fine.
I would be working directly with schools and businesses as my main customers so I would be using an enterprise development account. No worries about App Store reviewers getting their messy hands on my API calls.
Currently all of my prospective customers are using an MDM with deployment functionality so that part should be a breeze.

There is no API to remove passcode from a iOS device. But you can use one of the Mobile Device Management tool to remote wipe the device to reset the passcode.

Related

How to auto-update apps managed by MDM?

I'm building an in-house app that is distributed via the AirWatch app catalog. The app always runs with Guided Access enabled and all devices running it are managed by AirWatch. My questions are regarding auto-update:
Is there a way that AirWatch can force the update immediately or as soon as the device comes back online, without asking for the user's input? If so, how does the app being open affect this behavior? How does guided access being enabled affect this behavior?
Is there a link from AirWatch, perhaps an itms-services:// link, that the app can call to install the new version if a web service had indicated that it's no longer the latest version? If so, how does Guided Access being enabled affect this behavior?
Is there any other good model for remotely updating the app that will spread the update as quickly as possible and under the above conditions? The solution can be using MDM or a custom web service or both combined.
Thanks a lot for your help!!
If your devices are running iOS7 and you have your app Deployment settings set to "Auto" (as opposed to "On-Demand") the device will automatically take the update once it processes the APNs notification to do so. If the device is locked/offline it will typically check for outstanding APNs messages within a minute or so of being unlocked or coming back online.
What I don't know is since your app is in guided access mode if you're receiving a pop-up to install the new version. I've seen previously where if the app that requires an update is open iOS will prompt. What we have done to battle this is embed a check in the app that phones home to see if the app is current. If the app is NOT current the user can't do anything until they update their app.
Regarding a direct-link to the App Catalog to update the app that might get tricky with guided access enabled. Before you even try to tackle that issue understand that the app catalog webclip URL contains the UDID of the device as of AW7.1 (I think). Since the UDID is no longer programmatically accessible code-side AirWatch allows you to push the UDID upon app installation in the Deployment/Application Configuration section. You can embed {DeviceUid} into the key share on the device which will make it accessible for that applciation, hence allowing you to create the appropriate App Store URL within your app.
Good luck
honestly I didn't work with AirWatch. But I don't think that Apple provides a way for automatic update of ad-hoc or enterprise apps.
Well, I can describe a solution for an enterprise app I developed last year. Hope it will help you somehow.
First of all, I made it as a part of our secure website. (a little test flight)
Here's how app update works
When the app launches it sends special request to a server asking if
it is outdated and a new app version is available. (+ servers sends
url for new version installation (with itms-services://))
Then
if update is required, app fires alert with description of new
version, if user taps update, the app opens Safari where the user
is able to install a new version.
We made to different kinds of alert, optional (minor version change) and compulsory(major version change). With later variant user is unable to get rid of alert view, so he has to update the app.
You can update your internal app through the AirWatch Console and applications versioning.
I never used it but I imagine that at the end of the new version process, there is a way to push the updated app to the related devices. If the Push Mode is set to Auto, the user won't have to do anything and the app should be updated. If it is On Demand, the use will have to initiate the process from the App Catalog. From for the latest option, you have the solution to send a notification to the user.
It is also possible to retire or inactivate older versions to only keep the newest one.
If you have access to AirWatch Online Documentation, I recommend you the page Using Add Version for Applications. If you don't, contact your administrator and ask for all the pages located in Mobile Application Management -> Internal Applications and the page Using Add Version for Applications.
You should try it with a single device though ;)

iOS 8 Unique Identifier (Serial Number preferred)

I am working on an enterprise app and need access to programmatically retrieve the device's serial number. Is there an API or any documentation on how to retrieve this in iOS 8? From what I can tell, this functionality has been removed in iOS 8.
Is there a suitable replacement identifier for the serial? I need something that is reliable and will never change even if the device is reset.
It will be for enterprise usage so App Store approval is not a concern.
You're up a creek here. The two "tracking" features are Advertising Identifier and Identifier for Vendor. The former can be reset within the Settings app quite easily while the latter will reset once the user uninstalls all apps with the root bundle identifier associated with the app suite. Both also change with a device reset of course.
If you're deploying the app with an MDM solution you will have access to that device's UDID as it still flows forward to MDM servers, you just can't access it programmatically in your code. The complete deprecation of UDID, serial number and MAC address (even with private APIs) stomped all over some custom utilities I wrote within our Enterprise to try and accomplish something similar to what you're looking to do. If you find somethingthats consistent I'd love to see the follow-up!
EDIT:
I had an epiphany while circling back to this situation again. If you are in fact using AirWatch (I can't speak to Mobile Iron, etc) you can setup the console to send a keychain value to each device at the time of app install. From there the app will be able to consume the value AirWatch sends down. The same goes for any attribute that AirWatch harvests for the device (serial, UDID, MAC, etc). While this workaround comes with a big caveat (using AirWatch for deployment) it will work. Since Apple neutered all Serial Number work arounds win iOS8 this is the most viable option I have found.

iOS 8 Suggested Apps - How does it work?

Over the past little while I’ve been working with a client who would like to leverage Apple’s new Suggested App feature on iOS 8. The client's goal was to display a suggest app lock screen notification any time a person passes by a specific geo-location. After spending some time trying to find a concrete answer to what level of control (if any) the client would have over Apple’s Suggest App feature, it was decided to send our questions directly to Apple.
Below is copy of the questions I sent to Apple.
Hello,
For our next app release, my team and I would like to leverage Apple's Suggest App feature provided in iOS 8.
We've taken a look through the iTunes Connect portal and we haven't been able to find a configuration panel anywhere which allows us to control when/where our app should appear as a suggested app.
Questions:
Is it possible for us to specify the conditions that out app will appear as a suggested app for users who haven't downloaded it yet?
Can we specify a geo-fence that will display our app as a suggested app on a user's lock screen?
If we have no control over Apple's Suggested App configuration, under what conditions will our iOS appear on a user's lock screen as a suggested app?
STEPS TO REPRODUCE
Turn on your phone
Enable suggested apps
Enable 3G
Lock your screen
Walk past a region.
Expected Result: A suggested app appears on the iPhone lock screen.
Here is the response I received directly from Apple Developer Support Team:
Hello,
Location relevant Apps are recommended on the lock screen and in the App Store based on a number of factors, including their popularity at the location, and there is no mechanism or process by which an App developer can add their App to the list of recommended Apps.
However, if your iOS App is directly related to the location or venue (such as a mall guide iOS App which is published by the mall owner or operator), and you believe your iOS App’s relevance warrants it being included the list of recommended Apps, then you are encouraged to submit an enhancement request via http://bugreport.apple.com/, and request that Apple consider whether your iOS App should be included in the list of recommended Apps for that location.
You should provide as much detail in the ’enhancement request' about the App and venue/location as possible, such as the App ID, App Name, URL to the App on the App Store, venue name, venue location (address & lat/lon), the relevance (if any) of your iOS App to the venue/location, and relationship (if any) between you as the developer and the owner/operator of the venue/location.
Submission of an enhancement request does not guarantee that a particular iOS App will be added to the list of recommended Apps for a venue or location, and the sole feedback from Apple on the request will come through the http://bugreport.apple.com/ bug report system.
Regards,
Apple Developer Technical Support

Lock iOS app in single app mode programmatically

Note : I don't want to submit this app to app store.
What i want to achieve :
I want simple app with one view having two button Lock and Unlock.
Lock - This button will lock device. Only this app's screen will show nothing else will be accessible even after restart same screen will show up. Home button, gestures will get disabled similar to single app mode.
Unlock - This will unlock device and switch to normal behaviour of device.
iOS :
I want this for iOS 4.3 and above.
I have checked following solutions, but these don't match my requirements
Configuration profile
Lock-down iPhone/iPod/iPad so it can only run one app
But it is manual (reboot device, open app which you want to run in single app mode). I want to do it programmatically the way i mentioned above through my app.
Guided access (iOS 6 and above)
How to lock down user to Single App mode in iOS 6, Programmatically?
I want it do for all os and programatically.
Is there any way to do this ? As i don't wan't to submit it to app store is there any private api, some hack for springboard to achieve this ?
Thanks in advance !!
As I know in iOS 7 there is a new feature which allow to do exactly what you want.
However, it's only applicable for iOS 7 (and I believe it's only applicable to a supervised devices).
1) You will need to install restriction configuration profile with autonomousSingleAppModePermittedAppIDs key (take a look here)
This is one time step and a user will need to manually accept this configuration profile.
There is another option to use MDM to install it silently, but it could be an overkill for you.
2) You should use API:
UIAccessibilityRequestGuidedAccessSession (to lock/unlock)
It is defined here
3) And most beautility part. All of it is officially document. So, you can even submit it to AppStore.
P.S. Why do you care about 4.3 or 5? They have tiny market share by now. Most likely even iOS 6 has below 20% market share already.
Update 1
Potentially, you can try to use API which sends clicks and keys (search for GSEvent in iPhone-privateapi tag). May be using these API's you can do triple home to toggle accessibility on and off.
If this work, I think you should be able to cover iOS 6. I am not sure whether both this API and triple home click were available prior that.
It looks like this private API is unaccessible anymore in iOS 7. So, probably you can ignore this idea.
Just wanted to write on this even though this is old as i needed to implement a similar solution and i got it working. The steps for me as follows and a note here is that this involves MDM and other specific steps.
My requirement was as follows. Each of the iPad at different locations has a set of apps installed.For ease of it lets assume each Dept. has their own apps. Participants open a app related to their dept. to take a test, the APP automatically Locks the iPad to single-app Mode and at the end of the test, it will unlock it self.
Supervise the iPad/iphone using the Apple Configurator.
Install the MDM related files ( Each MDM has its own set of instructions, usually involves downloading a profile).
Every MDM has a option of Single APP Mode or MultipleAppMode. Select the second option and add the app IDs to the list. (A single APP mode works pretty well with MDM's but i did not want the app to be locked to a single APP all the time).
I used the UIAccessibilityRequestGuidedAccessSession api to lock unlock the device from single app mode.
http://bobxcode.blogspot.com/2015/12/programmatically-implement-single-app.html
Thanks,
Bob
In MDM configuration, There is an option
autonomousSingleAppModePermittedAppIDs
Optional. Supervised only. If present, allows apps
identified by the bundle IDs listed in the array to
autonomously enter Single App Mode.
Availability: Available only in iOS 7.0 and later.
But this needs Supervised Device mode.

Programmatically executing the application out of sandbox in iPhone

How to build an application which is capable of executing outside the sandbox in non-jail broken devices? Because I need to access the files and other informations like sms, call history etc ...
I'm afraid you will probably not be able to do this. The provided SDK, and terms of using the SDK do not allow you to operate outside of the sandbox.
Even if you were able to access the information, then the app would only ever be for your own use (unless you are an enterprise developer) as it would most likely get a rejection from the App Store approvals process.
The only access outside the sandbox that is allowed is mediated through Apple's SDK. You will only be able to access specific items, such as the Address Book or Photo library, through the iPhone OS framework.
If you have a more specific question about what you want to accomplish, perhaps we can answer based on what is currently allowed.
There's no method that I know of to perform access outside the sandbox that is defined by the iPhone SDK.
Even if there were, your app would not be available for non-jailbroken phones, as it wouldn't be approved by the app store.

Resources