Creating Enterprise Friendly iOS Apps
DESCRIPTION
You don't need to be enterprise distributed to be an enterprise friendly app. Perhaps you have the next great business solution packaged up in an app, but you just can't get companies to bite. iOS 7 has introduced a variety of ways to make the day-to-day lives of IT departments easier, and you can make some changes to your application to make it easier for IT to sign off on that purchase of a few hundred copies of your iOS app. In this talk, we'll cover many of the new configuration and management tools included in iOS 7, including:
- Mobile Device Management (MDM) configuration options
- Facilitating control of application sharing (maybe that sensitive file shouldn't be published to Facebook)
- App data protection
- Enterprise single sign-on
- App Store license management
TRANSCRIPT
Creating Enterprise Friendly iOS Apps
MoDevEast 2013 December 12, 2013
About Me
Tony Lenzi
Technical Lead and iOS Developer
@tonylenzi
Increasing Demand
• 57% of CIOs say that mobile devices and apps are a high priority or essential to their strategic agenda
• 89% of enterprises support email on mobile phones and tablets
• Communications and productivity apps dominate
Source: “Managing the Complete Customer Experience”, Peggy Anne Salz, GigaOm Research
Apps Deliver Value
• Organizations want apps that enable interactions that deliver value to their company and their customers
• Employees are customers too
• MDM solutions make it easier for IT to manage
“I want a Blackberry experience on iOS.”
- IT integrator at a Fortune 500
IT Crackberry
• Easy to configure and distribute
• Minutes, not hours
• IT always has control of data on the device
• Normally purchased and owned by the company
• Device separation
Information Security
• Confidentiality
• Integrity
• Availability
What’s Changed
User Expectations
• Rapidly evolving apps that consumers use every day
• Emphasis on words like “delight”, “engaging”, and “experience”
• Why can’t I do this on my phone or tablet?
Enterprises need the benefits delivered by consumer driven apps, but they also need to retain some of the protections provided by traditional enterprise software.
Data separation, not device separation, enables users and protects the enterprise.
How can we enable enterprises to control the use of their data in our apps?
iOS 7 in the Enterprise
• Management
• Authentication
• Networking
• Data Security
Mobile Device Management
• Allows IT to manage devices, (un)install apps and data
• Single Sign-On
• Per-app VPN
• Managed “Open In”
• iOS 7 allows pushing configuration files to managed apps
App Configuration
• Read a configuration dictionary from an MDM server using [[NSUserDefaults standardUserDefaults] objectForKey:@"com.apple.configuration.managed"]
• Listen for changes using NSUserDefaultsDidChangeNotification
Config Use Cases
• Disable iCloud sharing
• Bootstrap URLs for services
• Company file share location
• Things IT may want to customize to make your app usable on the first run
```objc
// config pushed by MDM stored here
NSDictionary *mdmConfig = [[NSUserDefaults standardUserDefaults]
    dictionaryForKey:@"com.apple.configuration.managed"];

NSNumber *enableCloudSync = mdmConfig[@"enableCloudSync"];

// check that it exists and is the correct type
if (enableCloudSync && [enableCloudSync isKindOfClass:[NSNumber class]]) {
    // …
} else {
    // set default value for when unmanaged
}
```
App Feedback
• Write feedback to NSUserDefaults key com.apple.feedback.managed
• MDM server will read this dictionary from managed apps
• Error and usage statistics
• Aggregate and respect privacy
```objc
- (void)webServiceTimeOut {
    self.timeOutCount += 1;

    // start from the feedback dictionary already stored, if any
    NSMutableDictionary *feedback = [[[NSUserDefaults standardUserDefaults]
        dictionaryForKey:@"com.apple.feedback.managed"] mutableCopy];

    if (!feedback) feedback = [NSMutableDictionary dictionary];

    feedback[@"timeOutCount"] = @(self.timeOutCount);
    [[NSUserDefaults standardUserDefaults] setObject:feedback
                                              forKey:@"com.apple.feedback.managed"];
}
```
and remember…
• NSUserDefaults is unprotected
• Check the defaults every time the app starts
• Validate your input types and values
• Keep it small
• Document your configurable settings
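One way to apply the checklist above to the managed configuration dictionary, as an added example that is not code from the talk: it re-reads the configuration at launch and on every change, and validates both type and value before trusting a setting. The class name, the `bootstrapURL` key, the `.example.com` host suffix and the choice of defaults are assumptions; ARC is assumed.

```objc
#import <Foundation/Foundation.h>

// Added example. Key names and the allowed host suffix are hypothetical.
static NSString * const kManagedConfigKey = @"com.apple.configuration.managed";

@interface ManagedSettings : NSObject
@property (nonatomic, readonly) BOOL enableCloudSync;
@property (nonatomic, readonly) NSURL *bootstrapURL; // nil if unset or rejected
- (void)reload;
@end

@implementation ManagedSettings
- (instancetype)init {
    if ((self = [super init])) {
        [self reload]; // runs on every launch, not only the first
        [[NSNotificationCenter defaultCenter]
            addObserver:self
               selector:@selector(defaultsChanged:)
                   name:NSUserDefaultsDidChangeNotification
                 object:nil];
    }
    return self;
}

- (void)dealloc {
    [[NSNotificationCenter defaultCenter] removeObserver:self];
}

- (void)defaultsChanged:(NSNotification *)note { [self reload]; }

- (void)reload {
    NSDictionary *cfg = [[NSUserDefaults standardUserDefaults]
                            dictionaryForKey:kManagedConfigKey];
    // Unmanaged install: consumer default. Managed but malformed: stay restrictive.
    _enableCloudSync = (cfg == nil);
    _bootstrapURL = nil;

    id sync = cfg[@"enableCloudSync"];
    if ([sync isKindOfClass:[NSNumber class]]) _enableCloudSync = [sync boolValue];

    id raw = cfg[@"bootstrapURL"];
    if (![raw isKindOfClass:[NSString class]]) return;
    NSURL *url = [NSURL URLWithString:raw];
    // Value check as well as type check: HTTPS only, expected domain only.
    if ([url.scheme.lowercaseString isEqualToString:@"https"] &&
        [url.host.lowercaseString hasSuffix:@".example.com"]) {
        _bootstrapURL = url;
    }
}
@end
```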
Single App Mode
• MDM can control
• In iOS 7, a managed app may request permission to go to single app mode: UIAccessibilityRequestGuidedAccessSession()
• Client demo mode, cash registers, specific employee roles, quizzes and exams
Single Sign-On
Built Into iOS
• App uses NSURLConnection and/or NSURLSession
• IT defines app bundle IDs on their MDM server
• Secured using Kerberos, password stored in the keychain, not inside the apps
• NSURLConnection is the backbone of AFNetworking, NSURLSession is extended in AFNetworking 2.0
Per-App VPN
Built Into iOS
[Diagram: App 1, App 2, App 3, VPN, Enterprise, Internet]
Control Data Usage
• Enterprise users may want to limit how much cellular data their users use
• urlRequest.allowsCellularAccess = NO;
• Another opportunity to use managed configuration profiles to give IT more control
Data Security
Built Into iOS
• Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstAuthentication in iOS 7
• Consider the sensitivity of each file or type of data you are saving
• NSFileProtectionNone: read or write anytime
• NSFileProtectionComplete: encrypted unless the device is unlocked
• NSFileProtectionCompleteUnlessOpen: if the file is open when unlocked, you may continue to access it even if the user locks the device.
• kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly keeps keychain secrets on one device
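The protection classes listed above, chosen per file and per keychain item, as an added example that is not code from the talk. The file name and the keychain service and account strings are hypothetical; ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example: file name, service and account strings are hypothetical.

// Write a sensitive document so it is unreadable while the device is locked.
static BOOL SaveSensitiveFile(NSData *data, NSURL *directory, NSError **error) {
    NSURL *url = [directory URLByAppendingPathComponent:@"report.dat"];
    return [data writeToURL:url
                    options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                      error:error];
}

// Raise the protection class of a file that already exists on disk.
static BOOL ProtectExistingFile(NSString *path, NSError **error) {
    return [[NSFileManager defaultManager]
            setAttributes:@{ NSFileProtectionKey : NSFileProtectionComplete }
             ofItemAtPath:path
                    error:error];
}

// Store a secret that background code can read after the first unlock,
// but that never migrates to another device through a backup restore.
static OSStatus SaveDeviceOnlySecret(NSData *secret) {
    NSDictionary *query = @{
        (__bridge id)kSecClass       : (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService : @"com.example.app.token",
        (__bridge id)kSecAttrAccount : @"default"
    };
    NSDictionary *attrs = @{
        (__bridge id)kSecValueData      : secret,
        (__bridge id)kSecAttrAccessible :
            (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
    };
    // Update an existing item in place; create it only if it is missing.
    OSStatus status = SecItemUpdate((__bridge CFDictionaryRef)query,
                                    (__bridge CFDictionaryRef)attrs);
    if (status == errSecItemNotFound) {
        NSMutableDictionary *add = [query mutableCopy];
        [add addEntriesFromDictionary:attrs];
        status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    }
    return status;
}
```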
Managed “Open In”
• Not every business wants their “business” on Facebook
• Managed apps only share data with other managed apps
App Licensing
• Apple is now allowing volume purchasers to buy licenses that may expire and/or be reassigned to other users
• Opens up purchasing models for schools, others who may share and reuse devices
• If you support this model, you need to be aware of app revocation
Receipts and Revocation
• iOS 7 receipts now include volume purchase information
• Information that ties your app to this device is on the receipt
• Validate that the receipt is still valid using StoreKit
• You cannot quit the app if it’s invalid, but you can degrade the features/experience
Questions
References
• “Extending your Apps for Enterprise and Education Use”, Session 301, WWDC 2013
• “Managing Apple Devices”, Session 300, WWDC 2013
• “Using Receipts to Protect Digital Sales”, Session 308, WWDC 2013