My goal is to block a device under some circumstances and for predefined devices.
I am aware of the LockDevice feature of MDM. I am also aware of the "enforce to set a passcode" feature of MDM.
But is there a way to lock a device with a predefined passcode? (i.e. the passcode is not set, and I want to enforce the user to enter my passcode to use his device)
EDIT: As people said here, MDM makes use of a predefined user's passcode.
It there a workaround for this? Or maybe some other way of achieving my initial goal?
Thanks!
There is no MDM command of configuration profile to do that. Password is always defined by an user.
Related
My project have a case: one account user can only log on to one device ( if user log on to app in device A, user can't log on to app in device B). My Idea is: when user login, I'll get the imei Iphone (like android) and send it with request login to server. But I can't get imei. I try with UUID, but UUID will change when re install app. Keychain does not solve the problem. Please help me.
You have to use Keychain to store Unique Id , this will not change even if user delete app
You can use any wrapper Source code to do this
here is an example
https://github.com/Joe0708/KeychainUUID
At the beginning I'd like to mention that I do not know any method that directly answers your question, especially that Apple does not allow you to read IMEI and other similar stuff due to privacy concerns. This has been answered here.
The workaround might be as follows
Take a look at the UIDevice class, especially at the identifierForVendorProperty which provides you (according to documentation ) with a device specific value.
The value of this property is the same for apps that come from the same vendor running on the same device. A different value is returned for apps on the same device that come from different vendors, and for apps on different devices regardless of vendor.
As far as i know some financial apps are secured this way to permit only one device to access the account. This however requires registering a device each time application is reinstalled.
Alternatively you can use UUID you generate within your app (first run) and then you assign it for the user online. It might take the form similar to two step verification process. Be aware however that with such restrictions user will have to be online all the time to use your app.
Is it possible or is there a way to make an app that automatically do something when the user has entered the wrong passcode in the home screen.? The app should do something only if the passcode is wrong. The passcode I'm talking about are the ones that the user uses to unlock the screen. Only passcode since touchIds are not working on lower versions of iPhones.
If yes, can you give a link on a documentation or maybe even a simple code so I can understand. I'm still a newbie btw. Thanks
As the previous answer has already said, Apple doesn't allow you to do anything with the passcode. This is because the developer would be able to get the passcode of the user which would be a major security breach.
On a side note, this is possible on jailbroken iOS devices, however that probably misses your point and is against Apple's guidelines anyways.
No that is not possible. That is an Apple Restriction.
Third party apps cannot have any access information on the home screen passcode actions.
I'm writing a Today notification center widget which I want to show different information depending on whether or not the device has password lock enabled (basically I want to hide confidential information if the device is password locked). I looked around and couldn't find any good ways to do this. Has anyone been able to successfully do this?
I would not call this best practice, but it should be a workaround:
Try to access data in the keychain. If it works, the device is free, if not it's locked.
Disclaimer: There is a chance this will break in the future with changes around WatchKit. It's not documented yet, but chances are that the watch will be able to access the keychain although the device is locked.
You may be able to enable iOS Data Protection for your app and then use the applicationProtectedDataWillBecomeUnavailable and applicationProtectedDataDidBecomeAvailable methods of UIApplication to detect changes in the password lock setting.
Warning: these API's are not intended for this use, so there's always the risk that Apple will take issue with it and reject your app.
Only for iOS 8, you can use kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly protection level to find out whether or not the device is locked. This frame worked might help you out: https://github.com/liamnichols/UIDevice-PasscodeStatus
I am developing a business app for use on an iPad/iPod Touch. I am wondering if there is a way to restrict usage on the device to my app only. In other words, we don't want employees installing other apps such as games and playing around with the devices.
Yes, that's possible.
Check out the iOS Configuration Profile Programming Guide.
Edit: See the section about restrictions, it will allow you to do exactly what you need. Note however that you'll need to have access to those devices, ideally the devices should be company property. And you need to distribute your app via Enterprise Distribution.
Edit 2: Since iOS6, this feature is available through the normal settings app. It is called "Guided Access" and is part of the Accessibility settings. It will let you disable the home button (cancel guided access by triple-clicking the home button and enter the preset code) and it will even let you define areas within apps which should be disabled.
I don't think so, unless their device is jailbroken.
If they're logged into an Exchange server you could remote-wipe their phone if they install anything.
Do you provide the devices? Or they bring their own?
If you provide the devices that would mean you can use your Apple-id. If an employee would try to download any other app he would need the password of your Apple-id. So thats a simple way to prevent that.
Im am not sure if there is a total "lock" of such type.
Is there a chance to check for this additional protection of the device?
Would like to warn users, if only ordinary DataProtection
(without passcode) is set on their devices.
Thanks,
Dilettanto
I don't believe there is any API (MonoTouch or native iOS) that will allow you to determine this.