How do MDM systems (AirWatch, MobileIron) figure out device uniqueness on iOS 7?

Accessing the device uniqueIdentifier is deprecated in iOS 7. There is the Vendor ID as an identifier, but it is erased with the removal of the last app for that Team ID. Is there anything else used by MDM systems?

Actually, iOS MDM is purely server technology, meaning that the MDM client is integrated in iOS. What you may have seen are some MDM bootstrap applications which are installed on the iOS device. However, all they do is trigger device configuration (installation of the MDM config profile).
However, as part of the MDM protocol, you can get the UDID of the device (using the DeviceInformation command). However, you get it on the server (not in your iOS app).

Many posts indicate that there is no Apple-approved standard way of doing this anymore. "Unique identifier for an iPhone app" is a good read about this. However, further down in the answers on that page, there is a note on how the same effect can be achieved using SSKeychain to persist a self-generated UUID even across app reinstalls and multiple apps.

In AirWatch, devices are enrolled through an identification process on the device. That way, AirWatch gets all the characteristics of the device (type, OS, serial number, UDID, ...).

Your best bet is to leverage your MDM's capabilities to back-feed any purely unique identifier (i.e. serial, UDID) on the device into your app layer. For instance, AirWatch allows you, upon installation/deployment of your app, to bundle dynamic identifiers for the device installing the app via Managed App Config. It will send a key to the device containing its own UDID, serial, etc.

Related

Apple UDID Give Any Access?

I was having an issue with 'Archiving' my Xcode because my iOS device wasn't functioning.
A colleague has offered to provide his UDID / serial for his iOS device to allow me to archive my project.
Is this safe?
Does this compromise my account safety?
Does it give any of my information over to him?
You do not need a device to archive an app. Choose "Generic iOS Device" from the device dropdown list:
The only thing this allows is the ability to install the app onto his device. Once the app is on his device, if he has the skill, he can extract any license keys and even reverse engineer portions of your app.
That said, these are all things that any user who has your app can do if you haven't guarded against such abuse.

Will two devices have the same 'UUID'?

In my iOS app, I have to restrict the user to using the iOS app per device. To do this I found a solution: we can use the identifierForVendor method of UUID (Universally Unique Identifier), which will generate a unique ID to uniquely identify an app on a device. (Here, I am not using the UDID (Unique Device Identifier) because Apple rejects apps if the app uses the UDID.)
So my question is: is there any possibility that two devices will have the same UUID? Any idea?
EDIT 1:
I have one more doubt: if I install the same app on two different devices and save its UUID string into the device Keychain, and both devices have the same iCloud account, then while doing iCloud sync for these two devices, will one of my device Keychains get overwritten?
EDIT 2:
I have found the answer for EDIT 1: 'Yes, through iCloud Keychain, the keychain would be synced to another one of my devices, and I'd get the same device identifier from here and from the answer below too.'
For the item to be synced with iCloud Keychain, I'd need to explicitly set the kSecAttrSynchronizable attribute. Using the SecItem API, we can set this attribute while adding a keychain item.
Is there any tutorial on how to add an item to the Keychain (without third-party libraries)?
No, two devices do not have the same UUID. I am 100% sure about it. So go with the identifierForVendor method.
But the UUID may change when you reinstall the application on your device (if there is no other application from the same vendor).
The value in this property remains the same while the app (or another app from the same vendor) is installed on the iOS device. The value changes when the user deletes all of that vendor’s apps from the device and subsequently reinstalls one or more of them. The value can also change when installing test builds using Xcode or when installing an app on a device using ad-hoc distribution. Therefore, if your app stores the value of this property anywhere, you should gracefully handle situations where the identifier changes.
EDIT
YOUR QUESTION
I have one more doubt: if I install the same app on two different devices and save its UUID string into the device Keychain, and both devices have the same iCloud account, then while doing iCloud sync for these two devices, will one of my device Keychains get overwritten?
ANSWER
YES. Your keychain will get overwritten. So you have the same UUID for both devices.
I thought it was NO!
The value of this property is the same for apps that come from the same vendor running on the same device. A different value is returned for apps on the same device that come from different vendors, and for apps on different devices regardless of vendor.
Normally, the vendor is determined by data provided by the App Store. If the app was not installed from the app store (such as enterprise apps and apps still in development), then a vendor identifier is calculated based on the app’s bundle ID. The bundle ID is assumed to be in reverse-DNS format.
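Worked example of the approach the first thread points at (a self-generated UUID persisted with the SecItem API, no third-party library) and of the kSecAttrSynchronizable question raised in EDIT 1 and EDIT 2 above. This is an added illustration, not code from any answer in these threads. The service and account names are placeholders. The design choice that matters for the EDIT 1 scenario is that kSecAttrSynchronizable is set explicitly to false, so iCloud Keychain never copies the item to the user's other devices, and the accessibility class is a ThisDeviceOnly one, so the item does not travel with a backup restored onto a different device either.

```swift
import Foundation
import Security

// Added example (not from the original thread): keep a self-generated UUID in the
// keychain so it survives app reinstalls on this device, and keep it out of
// iCloud Keychain so two devices on one Apple ID do not end up sharing it.
// Service and account names are placeholders chosen for this example.
enum InstallIdentifier {
    static let service = "com.example.install-identifier"   // placeholder
    static let account = "install-id"                        // placeholder

    enum KeychainError: Error {
        case unexpectedData
        case osStatus(OSStatus)
    }

    /// Returns the stored identifier, creating and persisting one on first use.
    static func current() throws -> String {
        if let existing = try read() { return existing }
        let fresh = UUID().uuidString
        try write(fresh)
        return fresh
    }

    /// Base query shared by read and write. kSecAttrSynchronizable is set to
    /// false on purpose: an item is only mirrored by iCloud Keychain when this
    /// attribute is true, so leaving it false keeps the identifier per device.
    private static var baseQuery: [String: Any] {
        [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account,
            kSecAttrSynchronizable as String: false,
        ]
    }

    private static func read() throws -> String? {
        var query = baseQuery
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne

        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        switch status {
        case errSecSuccess:
            guard let data = result as? Data,
                  let value = String(data: data, encoding: .utf8) else {
                throw KeychainError.unexpectedData
            }
            return value
        case errSecItemNotFound:
            return nil
        default:
            throw KeychainError.osStatus(status)
        }
    }

    private static func write(_ value: String) throws {
        var attributes = baseQuery
        attributes[kSecValueData as String] = Data(value.utf8)
        // ThisDeviceOnly: the item is also excluded from backups restored to a
        // different device, which is what a per-device identifier wants.
        attributes[kSecAttrAccessible as String] =
            kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly

        let status = SecItemAdd(attributes as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.osStatus(status) }
    }
}

// Usage (first call generates and stores the UUID, later calls return it):
// let id = try InstallIdentifier.current()
```

As the Apple documentation quoted above says for identifierForVendor, the caller should still handle the identifier changing: a keychain item can be removed by a device wipe or by the user, so treat the value as a best-effort per-install identifier rather than a proof of which physical device is being used.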

Check if MDM server is connected

We have an app that needs to read from com.apple.configuration.managed when it is installed from our MDM server, JAMF. This works perfectly fine.
The problem scenario is:
The MDM data persists if a user downloads the app from JAMF, uninstalls, then reinstalls from TestFlight or the App Store. When the user reinstalls from TestFlight or the App Store, the app still reads the old data from com.apple.configuration.managed.
Is there a way to check if the device is actually connected to an MDM server? That way it won't read from the configuration profile if it's not.
Many of the MDM vendors have iOS SDKs that you can add to your app that will allow the app to communicate with the MDM and verify whether the device is enrolled. I do not have any experience with JAMF and a quick Google search did not return anything promising.
Some of the MDM vendors have gotten creative in how their App SDK communicates with the MDM to identify the device that the app is running on now that iOS 7 makes it impossible for the app to obtain the device's UDID.
That being said, the best solution I can think of would be to have the MDM push down the device's UDID to the app in the managed config (com.apple.configuration.managed) and then use a web service call back to the MDM to query whether the device is currently enrolled.
Then in your app you would simply check for the existence of the managed config, and if it exists pull out the UDID and make a web service call to your MDM to determine whether the device is enrolled.
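A sketch of the client side of that suggestion, as an added example rather than code from the answer or from any MDM vendor's SDK: the app reads com.apple.configuration.managed, pulls out the UDID the MDM pushed, and asks the MDM's web service whether the device is still enrolled before trusting the rest of the managed configuration. The key name "udid", the endpoint URL and the JSON response shape are all assumptions; each is defined by whoever configures the managed app config and the MDM's API. The fail-closed choice is deliberate: any transport error or unexpected answer is treated as "not enrolled", so a leftover configuration from a previous JAMF install is never used by default.

```swift
import Foundation

// Added example (not from the thread): treat com.apple.configuration.managed as
// a hint, not as proof of enrollment, and confirm with the MDM before using it.
// The "udid" key and the verification endpoint are assumptions for this example.
struct ManagedConfig {
    static let defaultsKey = "com.apple.configuration.managed"

    /// The managed configuration dictionary pushed by the MDM, if any is present.
    /// Per the question above, this can still be present after a reinstall
    /// from TestFlight or the App Store.
    static func current() -> [String: Any]? {
        UserDefaults.standard.dictionary(forKey: defaultsKey)
    }
}

enum EnrollmentState {
    case noManagedConfig          // nothing pushed; behave as a plain store install
    case enrolled(udid: String)   // MDM confirmed the device is currently enrolled
    case stale                    // config present but MDM did not confirm enrollment
}

struct EnrollmentChecker {
    let verifyURL: URL     // placeholder, e.g. https://mdm.example.invalid/api/enrolled
    let udidKey = "udid"   // placeholder key name inside the managed config

    func check(completion: @escaping (EnrollmentState) -> Void) {
        guard let config = ManagedConfig.current(),
              let udid = config[udidKey] as? String, !udid.isEmpty else {
            completion(.noManagedConfig)
            return
        }

        var request = URLRequest(url: verifyURL)
        request.httpMethod = "POST"
        request.setValue("application/json", forHTTPHeaderField: "Content-Type")
        request.httpBody = try? JSONSerialization.data(withJSONObject: ["udid": udid])

        URLSession.shared.dataTask(with: request) { data, response, _ in
            // Assumed response shape: {"enrolled": true|false}. A transport
            // error, non-200 status or unparsable body all count as "stale".
            guard let http = response as? HTTPURLResponse, http.statusCode == 200,
                  let data = data,
                  let body = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
                  body["enrolled"] as? Bool == true else {
                completion(.stale)
                return
            }
            completion(.enrolled(udid: udid))
        }.resume()
    }
}

// Usage:
// let checker = EnrollmentChecker(
//     verifyURL: URL(string: "https://mdm.example.invalid/api/enrolled")!)
// checker.check { state in
//     switch state {
//     case .enrolled(let udid):
//         // safe to read the rest of ManagedConfig.current() for this device
//         _ = udid
//     case .noManagedConfig, .stale:
//         // ignore com.apple.configuration.managed entirely
//         break
//     }
// }
```

The verification call should go over TLS to the MDM, and the MDM side should answer from its own enrollment records rather than echoing back whatever UDID the app sent, since the app's copy of the UDID comes from a configuration that may be stale.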

UDID for Push Notification instead of Device Token?

I just successfully implemented a sample push notification in iOS. Currently, I use the device token for sending the message. Now, I have a question regarding Push Notification requirements. Can we use the UDID of the device for Push Notification instead of the Device Token? I know the device token can do the work alone, but is it possible to use the UDID for push notification? Does Apple allow that?
No, you can only use the Device Token. The push notification server API will only accept Device tokens and will also check if you are allowed to send a notification to that installation by checking the Certificate.
The Device token is unique for your app on a specific device. If the user has multiple devices he/she will also have multiple device tokens (one for each install of your app).
When the user deletes your app and reinstalls it the device token can also change.
Also, the UDID is no longer usable by developers. Apple has restricted the use of the UDID, and you can no longer use the UDID anywhere in your code.
No, you cannot use the UDID for push notification. Let's understand what these things actually are.
UDID - (iOS Unique Device ID) A number in each iPhone that is used by developers to distribute new apps directly into the phone for testing purposes before they are available in the App Store. The UDIDs are used to create an Apple-certified provisioning file that is dragged with the app into iTunes.
The UDID is not visible on the phone. It has to be revealed in iTunes, and it cannot be highlighted and copied like normal text. To retrieve the UDID you would need to do the following:
Connect your iPad to your computer, and run iTunes.
Select your device in the 'Device' list. On the right side, you'll see information about your device.
Click the Serial Number. It will switch to displaying your UDID.
Press Cmd-C to copy the UDID to your clipboard.
NOTE: Any app in the iTunes App Store that provides the UDID is a fake app. The UDID cannot be retrieved by code; as described above, it has to be taken manually via the iTunes software or from Xcode's connected device listing.
Device Token - An identifier for the Apple Push Notification System for iOS devices. Each device has two device tokens: one for development, and one for production (ad hoc or App Store builds). The tokens are 64 hexadecimal characters.
The device token is to be registered with 3rd-party servers, and the 3rd-party server talks to the APNS server. So the Apple server communicates with clients using the device token. If you pass the UDID instead of the device token, it will fail. Moreover, Apple is restricting access to the device UDID.

iPad App - Deployment without needing the UDID

I have a doubt. Please guide me. I am planning to create an iPad app, but I want to install this app on the iPad without using the UDID in my profile. I have checked the "Enterprise Account", but without this approach (like sideloading apps on Android), is there any possible way to do this? Are there any problems that may arise?
Kindly guide me.
No. Your options are either the App Store or an Enterprise account, with the Enterprise account way having many restrictions.
The Enterprise account will allow you to distribute the app to the registered company only; if you do distribute the app to non-employees of the company, Apple will close down your account.
You could look at jailbreaking, but you won't reach as many users as you will when distributing your app via the App Store.
Because of the closed nature of the distribution of apps within iOS, you don't have a choice.
The only way to load an application onto a device, without caring what the device ID is, is via the Enterprise programme or the App Store. The Enterprise programme is like a controlled, secure sideloading process (if we want to have an analogy with Android), but it is limited to distribution within an enterprise only. The App Store means you have to publish the app to Apple and follow their rules.
To get the app on the device without using those two methods, you need to create an Ad-Hoc build, but this requires the device ID, as it'll cross-reference it with the provisioning profile provided. If the device ID is not linked with a provisioning profile for the application, the device will not let it run.
The unofficial way to load an app on a device without needing its device ID is via a jailbroken device, but that's unreliable and requires the user to be tech savvy.
NO, there is no way to distribute an app via ad-hoc to any device (not having its UDID) without an Enterprise license.