I have downloaded some applications from BlackBerry AppWorld and they run without the need to set APN settings; all the apps are client-server based. But when I install my app (the jad file) via OTA onto the device, it asks for APN settings to run my app.
If I set the APN, it executes fine, but I want it to execute without setting the APN like the other apps do. I have also set in the Connector.open(url +";deviceside=false"), still no success. My device is 8520 4.6.1. Can anyone please help?
Are you a member of the BlackBerry Alliance Program? It is possible that the vendors of the other apps are members and so have access to BIS connections, while if you are not, your app will not have access to BIS connections, thus requiring the APN settings for a direct connection.
I have my own application which runs on a web server. I want to use the server as an MDM server so that I can remotely push my mobile application to users' mobile devices and control my mobile application on the users' devices remotely.
After googling, I found out this concept was called MDM. I did not find a solution to remotely install my Android application though. But for iOS application, I found out a way.
The Apple Push Certificate Portal can be used for this. It says Upload CSR signed by third party vendor. I don't understand who the third party vendor is.
I have an SSL certificate for my application running on the web server. I uploaded the CSR generated to get the SSL certificate to Apple's Push Certificate Portal but it says Invalid.
So, can you please help me understand the process to configure an MDM server and control my mobile applications on the users' devices?
You need to have an Enterprise account with Apple to do that.
Refer
Sample iOS server
MDM
In my project, I need to install application to iOS devices using a desktop EXE. I use libimobiledevice command to install the application and it works fine. As I use enterprise developer profile, I know I need to trust profile from Settings. To trust a profile it needs internet connection as per Apple.
iOS9 Untrusted Enterprise Developer with no option to trust
But in my case, there will not be any internet connection on the device, but we have an internet connection on the desktop PC where the EXE runs. Is there any option to launch an Enterprise IPA file without having an internet connection?
I learned about MDM Apple Enterprise distribution but am not sure whether it will serve my purpose.
Is there any possible way to launch the enterprise IPA without having an internet connection on the iOS device?
You need to be able to verify the Enterprise Certificate in the app with Apple, as they are the ones giving you a licence to install apps outside the appstores.
That's just the way these Enterprise IDs work.
If the desktop PCs have iTunes, you could try dropping the ipa in there and see if this antique program can help you out.
This would definitely require some hacking. One approach may be to edit the hosts file of the computer when installing using the executable, launching your own server to listen to the port specified in the hosts file, and replicate the response given by the server in a real-life scenario (you can probably use Charles or Fiddler to trace the response which is supposed to be given by the server).
Basically, the verification of the cert would be done by the local server you are running.
This, of course, is quite complex as a task... good luck!
I'm researching MDM in iOS, and found information about Apple’s native iOS mobile device management. Once the device is enrolled into an MDM server, the server can manage the device by sending commands. I tested on an MDM server and saw that without installing an MDM agent app on the device, the server can still send profiles and apply policies to the device.
Could anyone help me to address:
Is Apple’s native iOS mobile device management built inside the iOS itself?
Can MDM server manage device (install apps, disable camera, iTunes...) without installing a MDM agent app?
How can the device itself communicate with MDM server and install profiles sent from server automatically?
Do I need an enterprise account to use iOS MDM service?
Where can I find documents about MDM API and how to use it?
Is Apple’s native iOS mobile device management built inside the iOS itself?
Yes - as of iOS4 devices become MDM-capable.
Can MDM server manage device (install apps, disable camera, iTunes...) without installing a MDM agent app?
Yes. The only thing an MDM Agent app will get you is the ability to report back on the device's IP address / network information, custom logging, etc. By default iOS does not allow for "tracking" a user's network details.
How can the device itself communicate with MDM server and install profiles sent from server automatically?
This is what I refer to as "the circle of hell". Your MDM sends command/installation packets to the APNs server, the APNs server tells the device it has a pending command from the MDM, the device reaches out to the MDM for its instructions and acknowledges. My nickname is for the trouble it takes to get firewall permissions set up in large enterprises.
Do I need an enterprise account to use iOS MDM service? Where can I find documents about MDM API and how to use it?
To use an MDM service you do not need an Enterprise account. To create an MDM service and access its documentation you do need an Enterprise account at $299/year.
Yes.
N/A as the 'agent' is already built into iOS.
To manage a device by MDM, the device must be enrolled manually first. During the enrollment process, a configuration file will be installed on the device containing the information of the MDM server. The MDM framework also makes use of push notifications to communicate with the device.
Yes. In addition, you also need the ability to generate an MDM Vendor Certificate on Apple's Developer Portal.
Is Apple’s native iOS mobile device management built inside the iOS itself?
Yes, Apple has a secured mdm-client bundled in each Apple product. We can make use of the client upon enrolling. There is supervised enrollment, where the mdm-client can perform more privileged tasks.
Can MDM server manage device (install apps, disable camera, iTunes...) without installing a MDM agent app?
Yes. Once the device is enrolled you can apply restrictions on iOS and macOS, install apps silently using VPP, etc. Refer to Configuration-Profile-Reference.pdf, page 67, for a list of all restrictions.
How can the device itself communicate with MDM server and install profiles sent from server automatically?
Like iOS apps, the mdm-client responds to notifications through APNS. The server in which the device is enrolled will have the push-magic string, the device token and a topic the device listens to; these help the server to notify the device. The device will then ping the server. I have attached the official MDM guide that you can refer to for more details.
Do I need an enterprise account to use iOS MDM service?
Here you have two options. If you want to build your own MDM solution then, like I said before, you would need to notify the device so that it contacts your MDM server upon enrollment. Similar to building an iOS app, you need a developer account to create an APNS certificate (refer here) to notify the default mdm-client.
Or, if you just wish to manage your device, you do not need a developer certificate. MDM vendors would use their certificate for signing, and you would need an Apple ID account to upload the certificate provided by your MDM to notify devices.
Where can I find documents about MDM API and how to use it?
Refer to the links below to get started with MDM. Comment your queries for any help.
1. Setting up MDM and MDM Protocol
2. Restrictions and other MDM profiles
3. Apple business manager
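The push-then-check-in cycle these answers describe (the server notifies the device through APNs, the device calls back for its command and acknowledges), as an added Python example that is not part of the original answers or of any Apple or vendor code. The `MdmServer` class and the UDID, token, PushMagic and topic values are constructed for illustration; the plist keys and the `{"mdm": PushMagic}` push payload follow the MDM protocol, and `RemoveApplication` is one of its request types.

```python
import json
import plistlib
import uuid
from collections import defaultdict, deque

class MdmServer:  # hypothetical in-memory model of an MDM server's command queue
    def __init__(self):
        self.enrolled = {}               # UDID -> token, PushMagic, topic
        self.queue = defaultdict(deque)  # UDID -> pending commands
        self.results = {}                # CommandUUID -> reported status

    def enroll(self, udid, token, push_magic, topic):  # values reported at enrollment
        self.enrolled[udid] = {"token": token, "magic": push_magic, "topic": topic}

    def enqueue(self, udid, request_type, **params):
        """Queue a command; return the APNs wake-up the server would send."""
        dev = self.enrolled[udid]        # KeyError if the device never enrolled
        self.queue[udid].append({"CommandUUID": str(uuid.uuid4()),
                                 "Command": {"RequestType": request_type, **params}})
        # The push carries no command, only the PushMagic string.
        return {"device_token": dev["token"], "topic": dev["topic"],
                "payload": json.dumps({"mdm": dev["magic"]})}

    def handle_checkin(self, body):
        """Device sends a plist; reply with the next command or an empty body."""
        msg = plistlib.loads(body)
        udid = msg["UDID"]
        if udid not in self.enrolled:
            raise PermissionError("check-in from a device that is not enrolled")
        if msg["Status"] != "Idle":      # Acknowledged, Error or NotNow
            self.results[msg["CommandUUID"]] = msg["Status"]
        if self.queue[udid]:
            return plistlib.dumps(self.queue[udid].popleft())
        return b""                       # nothing pending, session ends

def run_cycle():
    """Constructed walk-through: enroll, queue, push, check in, acknowledge."""
    srv, udid = MdmServer(), "EXAMPLE-UDID-0001"   # constructed sample values
    srv.enroll(udid, b"\x01\x02\x03", "EXAMPLE-MAGIC", "com.example.mdm.topic")
    push = srv.enqueue(udid, "RemoveApplication", Identifier="com.example.app")
    # The device wakes on the push and checks in as Idle to fetch its command.
    idle = plistlib.dumps({"Status": "Idle", "UDID": udid})
    command = plistlib.loads(srv.handle_checkin(idle))
    # The device executes the command and reports back; the queue is now empty.
    ack = plistlib.dumps({"Status": "Acknowledged", "UDID": udid,
                          "CommandUUID": command["CommandUUID"]})
    final = srv.handle_checkin(ack)
    return push, command, final, srv.results
```

The push itself never contains the command, which is why the device must be able to reach both APNs and the MDM server through the firewall.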
I'm going to join an MDM project in iOS (client side) but after searching, I still don't know how MDM really works. Can anyone explain something for me?
Problem:
My server needs to control the list of applications that are installed on devices (install and remove app).
Expected Solution:
There needs to be an app installed on devices which plays the role of client (MY APP).
When needed, the server will push a notification to the client via the Apple push notification server.
After receiving the notification, the client app will connect to the server to get the server command (ex: installing app A).
After getting the command, MY APP automatically downloads A and installs it.
My question: Is that the way MDM works?
If yes, how can MY APP install another app when it has no right to do it (due to the sandbox), and can the server configure the access rights for an app on devices? If possible, can anyone give me an example of code for the MDM client side to clear things up for me?
If no, it means that the server will be the one that installs app A on the device (instead of MY APP). In that case, how can the server do that?
iOS MDM is a clientless protocol. So, you develop a server, but you don't develop a client application for it. Actually, there is a client app, but it's developed by Apple and built into the operating system.
So, your server will send a command, and the built-in MDM client will receive and execute it.
Generally speaking, if you want to develop an MDM server, you need to register in the Enterprise Developer Program and get the MDM documentation.
There is some reverse engineered documentation here: http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf
And the iOS MDM protocol supports Install/Remove application commands.
MDM means Mobile Device Management. This is the same concept that many corporations have been using for desktops and laptops. They install some software on PCs that allows them to monitor activities on those PCs. In the same way, in MDM they install applications on your mobile device that allow them to monitor activities on mobile devices.
You can refer to some MDM providers to get a better idea, e.g. http://www.air-watch.com/
We have an app that needs to read from com.apple.configuration.managed when it is installed from our MDM server, JAMF. This works perfectly fine.
The problem scenario is:
The MDM data persists if a user downloads the app from JAMF, uninstalls, then reinstalls from TestFlight or the AppStore. When the user reinstalls from TestFlight or the AppStore, the app still reads the old data from com.apple.configuration.managed.
Is there a way to check if the device is actually connected to an MDM server? That way it won't read from the configuration profile if it's not.
Many of the MDM vendors have iOS SDKs that you can add to your app that will allow the app to communicate with the MDM and verify whether the device is enrolled. I do not have any experience with JAMF and a quick Google search did not return anything promising.
Some of the MDM vendors have gotten creative in how their App SDK communicates with the MDM to identify the device that the app is running on now that iOS 7 makes it impossible for the app to obtain the device's UDID.
That being said, the best solution I can think of would be to have the MDM push down the device's UDID to the app in the managed config (com.apple.configuration.managed) and then use a web service call back to the MDM to query whether the device is currently enrolled.
Then in your app you would simply check for the existence of the managed config, and if it exists pull out the UDID and make a web service call to your MDM to determine whether the device is enrolled.