I just successfully implemented a sample push notification in iOS. Currently, I used the device token in sending the message.Now, I have a question regarding Push Notification requirements. Can we use the UDID of the device for Push Notification instead of Device Token? I know the device token can do the work alone but is it possible to use UDID for push notification? Does Apple allow that?
No, you can only use the Device Token. The push notification server API will only accept Device tokens and will also check if you are allowed to send a notification to that installation by checking the Certificate.
The Device token is unique for your app on a specific device. If the user has multiple devices he/she will also have multiple device tokens (one for each install of your app).
When the user deletes your app and reinstalls it the device token can also change.
Also, the UDID is no longer useable by developers, Apple has restricted the use of the UDID and you can longer use the UDID anywhere in your code.
No, you can not use UDID for push notification. Lets understand what these things are actually.
UDID - (iOS Unique Device ID) A number in each iPhone that is used by developers to distribute new apps directly into the phone for testing purposes before they are available in the App Store. The UDIDs are used to create an Apple-certified provisioning file that is dragged with the app into iTunes.
The UDID is not visible on the phone. It has to be revealed in iTunes, and it cannot be highlighted and copied like normal text. To retrieve the UDID you would need to do the following:
Connect your iPad to your computer, and run iTunes.
Select your device in the 'Device' list. On the right side, you'll see information about your device.
Click the Serial Number. It will switch to displaying your UDID.
Press Cmd-C to copy the UDID to your clipboard.
NOTE:
Any app in the iTunes App Store that provides UDID is a fake app. UDID can not be retrieved by code, as defined above it has to be
taken manually via iTunes Software or from XCode's Connected Device Listing.
Device Token - An identifier for the Apple Push Notification System for iOS devices. Each device has two device tokens – one for development, and one for production (ad hoc or app store builds). The tokens are 64 hexadecimal characters.
Device token is to be register in 3rd party servers and the third party server talks to APNS server. So Apple server is communicate to clients using device token. Instead of device token if you pass the UDID it will fail. Moreover Apple is restricting to access Device UDID.
Related
I've downloaded multiple UDID mobile applications and they are not consistent with the UDID on my iTunes dashboard. UDID+, UDID, and UDID Tool are generating different codes that are no where close...same device. I am just curious as to why.
Apple doesn't allow to get UDID anymore from iOS6. It's for security reasons. Apple doesn't want you can identify a device. It's the reason because when you try to get an UDID using apps you get something like FFFFFF... If you need to get the UDID of your device you only need to switch your device to your laptop, open iTunes, go to Device and in the Summary option (tab or lateral menu depending of your iTunes version) you will see Serial Number. Click over your serial number with your mouse and you will see the UDID.
Connect your device to your computer
Open iTunes
Click in your device
Go to Summary option
Click with your mouse in Serial Number
Second mouse button click over UDID number to copy it or Cmd + C
UDID app store apps doesnt work anymore since apple disapproved using it. If you want to get UDID of yourself or remote devices you can use this website it's super easy and comfortable.
I asked a question recently about whether I can have parental control over iOS devices.
Link of the question is below :-
Is it possible to write a parental control app for iOS?
A senior developer answered and said this is not possible to do without jailbreak.
But i found an app named "OurPact" and by using that i can control any other device. How they can have parental control if this not possible in iOS?
OurPact use the Mobile Device Management (MDM) protocol, which provides a way to tell a device to execute certain management commands remotely. The way it works is straightforward.
During installation:
The user or administrator tells the device to install an MDM payload.
The device connects to the check-in server. The device presents its identity certificate for authentication, along with its UDID and push notification topic.
If the server accepts the device, the device provides its push notification device token to the server. The server should use this token to send push messages to the device. This check-in message also contains a PushMagic string. The server must remember this string and include it in any push messages it sends to the device.
During normal operation:
The server (at some point in the future) sends out a push notification to the device.
The device polls the server for a command in response to the push notification.
The device performs the command.
The device contacts the server to report the result of the last command and to request the next command
Access Rights
Allow inspection of installed configuration profiles.
Allow installation and removal of configuration profiles.
Allow device lock and passcode removal.
Allow device erase.
Allow query of Device Information (device capacity, serial number).
Allow query of Network Information (phone/SIM numbers, MAC addresses).
Allow inspection of installed provisioning profiles.
Allow installation and removal of provisioning profiles.
Allow inspection of installed applications.
Allow restriction-related queries.
Allow security-related queries.
Allow manipulation of settings. Availability: Available in iOS 5.0 and later.
Allow app management. Availability: Available in iOS 5.0 and later.
About Mobile Device Management
The Mobile Device Management (MDM) protocol provides a way for system administrators to send device management commands to managed iOS devices running iOS 4 and later, macOS devices running macOS v10.7 and later, and Apple TV devices running iOS 7 (Apple TV software 6.0) and later. Through the MDM service, an IT administrator can inspect, install, or remove profiles; remove passcodes; and begin secure erase on a managed device.
The MDM protocol is built on top of HTTP, transport layer security (TLS), and push notifications. The related MDM check-in protocol provides a way to delegate the initial registration process to a separate server.
MDM uses the Apple Push Notification Service (APNS) to deliver a “wake up” message to a managed device. The device then connects to a predetermined web service to retrieve commands and return results.
To provide MDM service, your IT department needs to deploy an HTTPS server to act as an MDM server, then distribute profiles containing the MDM payload to your managed devices.
A managed device uses an identity to authenticate itself to the MDM server over TLS (SSL). This identity can be included in the profile as a Certificate payload or it can be generated by enrolling the device with SCEP.
Ref -
Here the complete guide about How to Create a Verified iOS Mobile Device Management (MDM) profile/certificate.
Official Apple Document about MDM
Is there any way I can retrieve the UID of an IOS device from a webpage, I believe it needs to be the actual device ID and not one I have made up due to it being used for Apple Push Notifications. I may be wrong...
If you are talking about UDID, then you can not. According to the Apple Guidelines, application using device UDID cannot be uploaded on appstore and apple will reject your applicaton when you submit it for review. In place of UDID you can use UUID of the device.
We have an app that needs to read from com.apple.configuration.managed when it is installed from our MDM server, JAMF. This works perfectly fine.
The problem scenario is:
The data MDM data persists if a user downloads the app from JAMF, uninstalls, then reinstalls from TestFlight or the AppStore. When the user reinstalls from TestFlight or the AppStore, the app still reads the old data from com.apple.configuration.managed.
Is there a way to check if the device is actually connected to an MDM server? That way it won't read from the configuration profile if it's not
Many of the MDM vendors have iOS SDKs that you can add to your app that will allow the app to communicate with the MDM and verify whether the device is enrolled. I do not have any experience with JAMF and a quick Google search did not return anything promising.
Some of the MDM vendors have gotten creative in how their App SDK communicates with the MDM to identify the device that the app is running on now that iOS 7 makes it impossible for the app to obtain the device's UDID.
That being said, the best solution I can think of would be to have the MDM push down the device's UDID to the app in the managed config (com.apple.configuration.managed) and then use a web service call back to the MDM to query whether the device is currently enrolled.
Then in your app you would simply check for the existence of the managed config, and if it exists pull out the UDID and make a web service call to your MDM to determine whether the device is enrolled.
Accessing device uniqueIdentifier is depracated in iOS7. There is Vendor ID as an identifier but it is erased with removal of the last app for that Team ID. Is there anything else used by MDM systems?
Actually, iOS MDM is purely server technology. Meaning that MDM client is integrated in iOS. What you may have seen are some MDM boostratp applications which are installed on iOS device. However, all they do are triggering device configuration (installation of MDM config profile).
However, as part of the MDM protocol, you can get UDID of device (using DeviceInformation command). However, you can get it on the server (not in your iOS app).
Many posts indicate that there is no Apple-approved standard way of doing this anymore. Unique identifier for an iPhone app is a good read about this. However, further down in the answers on that page, there is a notion how the same effect can be achieved using SSKeychain for persisting a self-generated UUID even over the boundaries of app reinstalls and multiple apps.
In AirWatch, devices are enrolled through a identification process on the device. That way, AirWatch gets all the characteristics of the device (Type, OS, Serial Number, UDID, ...)
Your best bet is to leverage your MDM's capabilities to back-feed any purely unique identifier (ie: Serial, UDID) on the device into your app layer. For instance AirWatch allows you to, upon installation/deployment of your app, bundle dynamic identifiers per the device installing the app via Managed App Config. It will send a key to the device containing its own UDID, Serial, etc.