Is there any way to restrict internet connection for any applications but currently running (my app)?
May be some configuration profile to make only one application running, or another way?
As far as I know this is only possible possible with the Enterprise Developer Program. There you can push profiles on the devices. These profiles can contain all kinds of restrictions.
Related
I'm developing a parental control application for iOS. I want to block some applications on children's devices by order of their parents. after a lot of searches, I realized that we must use something called an MDM server. but I don't know how can I set up an MDM server and should I use third party services? Does Apple have any solution for this? I mean something that can be implemented easily. we will have a lot of users for this project and we must choose a stable and reliable solution.
I already have an Apple Enterprise Developer program membership.
thanks in advance.
In my project, I need to install application to iOS devices using a desktop EXE. I use libimobiledevice command to install the application and it works fine. As I use enterprise developer profile, I know I need to trust profile from Settings. To trust a profile it needs internet connection as per Apple.
iOS9 Untrusted Enterprise Developer with no option to trust
But on my case, there will not be any internet connection in device, but we have internet connection in Desktop PC where the EXE runs. Is there any option to launch Enterprise IPA file without having internet connection.
I learn MDM Apple Enterprise distribution but not sure whether it will survive my purpose.
Is there any possible way to launch the enterprise IPA without having internet connection in iOS device.
You need to be able to verify the Enterprise Certificate in the app with Apple, as they are the ones giving you a licence to install apps outside the appstores.
That's just the way these Enterprise ID's work.
if the desktop PC's have iTunes, you could try dropping the ipa in there and see if this antique program can help you out.
This would definitely require some hacking. One approach may be to edit the hosts file of the computer when installing using the executable, launching your own server to listen to the port specified in the hosts file, and replicate the response given by server in a real life scenario. (you can probably use charles or fiddler to trace the response which is suppose to be given by the server.
Basically, the verification of the cert would be done by the local server you are running.
This, of course, is quite complex as a task... good luck!
Is it possible to have MDM profiles stored locally on a device and then switched dynamically? Preferably by an API so an App could do this. With an MDM such as Absolute Manage MDM and Meraki they say this can not be done.
I understand that any App is sandboxed and I myself feel like this is not possible but I need some answers to tell management rather than me just saying no.
Jailbreaking is an option but only if there is no other way.
Any help would be great. Thanks
You can do this, if your have local MDM server (meaning running on a device itself). This way you can switch profiles locally.
There is no public API to manipulate profiles for iOS. And as I remember private API's which are designed to do that are protected by entitlements. So, signing an app with enterprise cert isn't an option.
Jailbreak is an option.
P.S. I have no idea how Absolute Manage MDM and Meraki does what they claim to do.
After further research this was not possible with iOS. I called several MDM providers and spoke to qualified engineers that confirm it not possible without internet connectivity.
I'm in charge of developing an application for my company. It'll only be used by my company. I found the Enterprise Program.
I read
iOS Developer Enterprise Program
but I also read something about MDM iOS that I need to implement.
Is MDM needed to distribute my app? Also, how will my coworkers be able to download the app? How does Apple know they are authorized, and not some random guy who found the link on Google?
You don’t need to do MDM for the enterprise program as far as I know. As for preventing people from downloading the app, I think you just have to keep the link private, or put it behind a URL that can only be accessed on your company network or VPN. And of course, require login, so someone can’t access your internal information just by downloading the app! Presumably, Apple will revoke your enterprise privileges if they find you are abusing them.
Source: I worked at a company that used enterprise distribution for internal beta distribution, among other things.
One of my clients has 30 iPads that are used with an in-house developed app. The "Ad Hoc" distribution model is easy to implement if the number of deployed devices is less than 100. This approach is sometimes described as a "Beta test" approach, but that's just one common use for it.
See these pages:
https://developer.apple.com/library/ios/documentation/IDEs/Conceptual/AppDistributionGuide/TestingYouriOSApp/TestingYouriOSApp.html
Ad-hoc Deployment
I have posted this question on SO since I think it is the most logical place to find people with a lot of experience with the iOS Enterprise program.
For my company, we are developing an in-house app. We would like to deploy this app with the minimum effort required on the user's side <1>, as it should be possible to quickly install it for incoming colleagues. Additionally, we can't always guarantee an up and running internet connection at install time <2>. The in-house app is to be downloaded on our premises from a webserver through wifi.
We are currently not enrolled in the enterprise program, as we're investigating whether or not our goals can be realized.
As for <1>, what we've found is that UDIDs are not necessary to include in the provisioning profile for enterprise deployment. What is needed, is a provisioning profile. Now, here are my first concrete questions:
are any additional steps necessary before a provisioning profile can be installed?
can the provisioning profile be embedded within the app as can be done for OTA betas? This would save a user the step of installing the profile.
For <2>, the following issues come to mind:
here it states that access is needed to ax.init.itunes.apple.com and ocsp.apple.com. The former for querying the max allowable GPRS app file size. It doesn't sound relevant when your goal is to distribute over wifi, but the page says "If this site isn’t reachable, installation may fail." so it does concern me a bit. The latter one seems less severe as it is stated that "Inability to contact or get a response from the OCSP server isn’t interpreted as a revocation", which means that it should be possible to not contact this server right away.
I'm assuming that I can use any URL scheme to point to a local server that provides the app bundle and that there are no restrictions on server configuration.
Summarizing the two: is it possible to install an in-house app from a local server without a functioning internet connection?
Thanks for the help; it's greatly appreciated. As I have no prior experience with Enterprise deployment, it is tough to be confident that I'm not missing out on the nitty gritty details in Apple's documentation.
Provisioning profile can be embedded.
Your employee's devices requires internet connection when they are downloading the app, so that the device can contact Apple servers you mentioned.