5. Increasing Demand
• 57% of CIOs say that mobile devices and apps are a high priority or essential to their strategic agenda
• 89% of enterprises support email on mobile phones and tablets
• Communications and productivity apps dominate
Source: “Managing the Complete Customer Experience”, Peggy Anne Salz, GigaOm Research
6. Apps Deliver Value
• Organizations want apps that enable interactions that deliver value to their company and their customers
• Employees are customers too
• MDM solutions make it easier for IT to manage
7. “I want a Blackberry
experience on iOS.”
- IT integrator at a Fortune 500
8. IT Crackberry
• Easy to configure and distribute
• Minutes, not hours
• IT always has control of data on the device
• Normally purchased and owned by the company
• Device separation
11. User Expectations
• Rapidly evolving apps that consumers use every day
• Emphasis on words like “delight”, “engaging”, and “experience”
• Why can’t I do this on my phone or tablet?
12. Enterprises need the benefits delivered by
consumer driven apps, but they also need to
retain some of the protections provided by
traditional enterprise software.
13. Data separation, not device separation,
enables users and protects the enterprise.
How can we enable enterprises to control
the use of their data in our apps?
14. iOS 7 in the Enterprise
Management
Authentication
Networking
Data Security
15. Mobile Device Management
• Allows IT to manage devices, (un)install apps and data
• Single Sign-On
• Per-app VPN
• Managed “Open In”
• iOS 7 allows pushing configuration files to managed apps
17. App Configuration
• Read a configuration dictionary from an MDM server using [[NSUserDefaults standardUserDefaults] objectForKey:@"com.apple.configuration.managed"]
• Listen for changes using NSUserDefaultsDidChangeNotification
18. Config Use Cases
• Disable iCloud sharing
• Bootstrap URLs for services
• Company file share location
• Things IT may want to customize to make your app usable on the first run
19.
// config pushed by MDM stored here
NSDictionary *mdmConfig = [[NSUserDefaults standardUserDefaults]
    dictionaryForKey:@"com.apple.configuration.managed"];

NSNumber *enableCloudSync = mdmConfig[@"enableCloudSync"];

// check that it exists and is the correct type
if (enableCloudSync &&
    [enableCloudSync isKindOfClass:[NSNumber class]]) {
    // …
} else {
    // set default value for when unmanaged
}
20. App Feedback
• Write feedback to NSUserDefaults key com.apple.feedback.managed
• MDM server will read this dictionary from managed apps
• Error and usage statistics
• Aggregate and respect privacy
22. and remember…
• NSUserDefaults is unprotected
• Check the defaults every time the app starts
• Validate your input types and values
• Keep it small
• Document your configurable settings
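An added example (not from the original slides) that applies the advice on slides 17, 19 and 22 together: read the managed dictionary at launch and on every change, and validate both type and value before use. The class name `ManagedSettings`, the `serviceBaseURL` key, the placeholder default URL, the 2048-character limit and the use of ARC are assumptions.

```objc
#import <Foundation/Foundation.h>

// Hypothetical holder for validated MDM settings (ARC assumed).
// "enableCloudSync" is the key from the slides; "serviceBaseURL" is an assumed key.
@interface ManagedSettings : NSObject
@property (nonatomic, readonly) BOOL enableCloudSync;
@property (nonatomic, readonly) NSURL *serviceBaseURL;
@end

@implementation ManagedSettings

- (instancetype)init {
    if ((self = [super init])) {
        [self reload];  // check the defaults on every app start
        [[NSNotificationCenter defaultCenter]
            addObserver:self selector:@selector(defaultsChanged:)
                   name:NSUserDefaultsDidChangeNotification object:nil];
    }
    return self;
}

- (void)dealloc { [[NSNotificationCenter defaultCenter] removeObserver:self]; }

- (void)defaultsChanged:(NSNotification *)note { [self reload]; }

- (void)reload {
    NSDictionary *cfg = [[NSUserDefaults standardUserDefaults]
        dictionaryForKey:@"com.apple.configuration.managed"];
    // Defaults for an unmanaged app, also kept when a pushed value fails validation.
    BOOL cloudSync = NO;
    NSURL *baseURL = [NSURL URLWithString:@"https://api.example.com"];  // placeholder

    id sync = cfg[@"enableCloudSync"];
    if ([sync isKindOfClass:[NSNumber class]]) {
        cloudSync = [(NSNumber *)sync boolValue];
    }

    id raw = cfg[@"serviceBaseURL"];
    if ([raw isKindOfClass:[NSString class]] && [(NSString *)raw length] <= 2048) {
        NSURL *candidate = [NSURL URLWithString:(NSString *)raw];
        // The store is unprotected, so accept only an https URL that has a host.
        if ([candidate.scheme.lowercaseString isEqualToString:@"https"] &&
            candidate.host.length > 0) {
            baseURL = candidate;
        }
    }
    _enableCloudSync = cloudSync;
    _serviceBaseURL = baseURL;
}
@end
```

The scheme is compared with `isEqualToString:` rather than `caseInsensitiveCompare:` because messaging a nil scheme returns 0, which equals `NSOrderedSame` and would let a scheme-less URL through.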
23. Single App Mode
• MDM can control
• In iOS 7, a managed app may request permission to go to single app mode: UIAccessibilityRequestGuidedAccessSession()
• Client demo mode, cash registers, specific employee roles, quizzes and exams
24. Single Sign-On
Built Into iOS!
• App uses NSURLConnection and/or NSURLSession
• IT defines app bundle IDs on their MDM server
• Secured using Kerberos, password stored in the keychain, not inside the apps
• NSURLConnection is the backbone of AFNetworking, NSURLSession is extended in AFNetworking 2.0
25. Per-App VPN
Built Into iOS
[Diagram: App 1, App 2, App 3; VPN; Internet; Enterprise]
26. Control Data Usage
• Enterprise users may want to limit how much cellular data their users use
• urlRequest.allowsCellularAccess = NO;
• Another opportunity to use managed configuration profiles to give IT more control
27. Data Security
Built Into iOS!
• Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstUserAuthentication in iOS 7
• Consider the sensitivity of each file or type of data you are saving
28.
• NSFileProtectionNone: read or write anytime
• NSFileProtectionComplete: encrypted unless the device is unlocked
• NSFileProtectionCompleteUnlessOpen: if the file is open when unlocked, you may continue to access it even if the user locks the device.
• kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly: keeps keychain secrets on one device
29. Managed “Open In”
• Not every business wants their “business” on Facebook
• Managed apps only share data with other managed apps
30. App Licensing
• Apple is now allowing volume purchasers to buy licenses that may expire and/or be reassigned to other users
• Opens up purchasing models for schools, others who may share and reuse devices
• If you support this model, you need to be aware of app revocation
31. Receipts and Revocation
• iOS 7 receipts now include volume purchase information
• Information that ties your app to this device is on the receipt
• Validate that the receipt is still valid using StoreKit
• You cannot quit the app if it’s invalid, but you can degrade the features/experience