Creating Enterprise Friendly iOS Apps
MoDevEast 2013 December 12, 2013
About Me
Tony Lenzi
Technical Lead and iOS Developer
@tonylenzi
Increasing Demand
• 57% of CIOs say that mobile devices and apps are a high priority or essential to their strategic agenda
• 89% of enterprises support email on mobile phones and tablets
• Communications and productivity apps dominate
Source: “Managing the Complete Customer Experience”, Peggy Anne Salz, GigaOm Research
Apps Deliver Value
• Organizations want apps that enable interactions that deliver value to their company and their customers
• Employees are customers too
• MDM solutions make it easier for IT to manage
“I want a Blackberry experience on iOS.”
- IT integrator at a Fortune 500
IT Crackberry
• Easy to configure and distribute
• Minutes, not hours
• IT always has control of data on the device
• Normally purchased and owned by the company
• Device separation
Information Security
• Confidentiality
• Integrity
• Availability
What’s Changed
User Expectations
• Rapidly evolving apps that consumers use every day
• Emphasis on words like “delight”, “engaging”, and “experience”
• Why can’t I do this on my phone or tablet?
Enterprises need the benefits delivered by consumer-driven apps, but they also need to retain some of the protections provided by traditional enterprise software.
Data separation, not device separation, enables users and protects the enterprise.
How can we enable enterprises to control the use of their data in our apps?
iOS 7 in the Enterprise
• Management
• Authentication
• Networking
• Data Security
Mobile Device Management
• Allows IT to manage devices, (un)install apps and data
• Single Sign-On
• Per-app VPN
• Managed “Open In”
• iOS 7 allows pushing configuration files to managed apps
App Configuration
• Read a configuration dictionary from an MDM server using [[NSUserDefaults standardUserDefaults] objectForKey:@"com.apple.configuration.managed"]
• Listen for changes using NSUserDefaultsDidChangeNotification
Config Use Cases
• Disable iCloud sharing
• Bootstrap URLs for services
• Company file share location
• Things IT may want to customize to make your app usable on the first run
    // config pushed by MDM stored here
    NSDictionary *mdmConfig = [[NSUserDefaults standardUserDefaults]
        dictionaryForKey:@"com.apple.configuration.managed"];

    NSNumber *enableCloudSync = mdmConfig[@"enableCloudSync"];

    // check that it exists and is the correct type
    if (enableCloudSync && [enableCloudSync isKindOfClass:[NSNumber class]]) {
        …
    } else {
        // set default value for when unmanaged
    }
App Feedback
• Write feedback to NSUserDefaults key com.apple.feedback.managed
• MDM server will read this dictionary from managed apps
• Error and usage statistics
• Aggregate and respect privacy
    // count web service timeouts and publish the total for the MDM server to read
    - (void)webServiceTimeOut {
        self.timeOutCount += 1;
        NSMutableDictionary *feedback = [[[NSUserDefaults standardUserDefaults]
            dictionaryForKey:@"com.apple.feedback.managed"] mutableCopy];

        // no feedback dictionary yet, so start with an empty one
        if (!feedback) feedback = [NSMutableDictionary dictionary];

        feedback[@"timeOutCount"] = @(self.timeOutCount);
        [[NSUserDefaults standardUserDefaults] setObject:feedback
                                                  forKey:@"com.apple.feedback.managed"];
    }
and remember…
• NSUserDefaults is unprotected
• Check the defaults every time the app starts
• Validate your input types and values
• Keep it small
• Document your configurable settings
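
One way to apply the checks listed above (validate types and values, fall back to defaults when unmanaged, re-read on change), as an added example that is not from the original slides. The AppSettings class, the bootstrapURL key and the api.example.com default are assumptions, and ARC is assumed.

```objective-c
#import <Foundation/Foundation.h>

// NSUserDefaults key iOS uses for MDM-pushed configuration (from the slides).
static NSString * const kManagedConfigKey = @"com.apple.configuration.managed";

// Hypothetical settings holder; class and property names are assumptions.
@interface AppSettings : NSObject
@property (nonatomic) BOOL cloudSyncEnabled;
@property (nonatomic, strong) NSURL *serviceURL;
@end

@implementation AppSettings
// Start from safe defaults and override only with values that pass validation.
+ (instancetype)settingsFromManagedConfig {
    AppSettings *s = [AppSettings new];
    s.cloudSyncEnabled = NO; // default when unmanaged
    s.serviceURL = [NSURL URLWithString:@"https://api.example.com/"]; // placeholder

    NSDictionary *cfg = [[NSUserDefaults standardUserDefaults]
                            dictionaryForKey:kManagedConfigKey];
    id sync = cfg[@"enableCloudSync"];
    if ([sync isKindOfClass:[NSNumber class]]) {
        s.cloudSyncEnabled = [(NSNumber *)sync boolValue];
    }

    // "bootstrapURL" is an assumed key. Accept only https URLs with a host.
    id raw = cfg[@"bootstrapURL"];
    if ([raw isKindOfClass:[NSString class]]) {
        NSURL *url = [NSURL URLWithString:(NSString *)raw];
        if (url.host.length > 0 &&
            [[url.scheme lowercaseString] isEqualToString:@"https"]) {
            s.serviceURL = url;
        }
    }
    return s;
}

@end

// Re-validate on every defaults change; keep the token to remove the observer later.
static id ObserveManagedConfig(void (^onChange)(AppSettings *)) {
    return [[NSNotificationCenter defaultCenter]
        addObserverForName:NSUserDefaultsDidChangeNotification
                    object:nil
                     queue:[NSOperationQueue mainQueue]
                usingBlock:^(NSNotification *note) {
                    onChange([AppSettings settingsFromManagedConfig]);
                }];
}
```

The scheme comparison uses isEqualToString: on purpose: a URL string with no scheme yields a nil scheme, and a nil receiver makes the test fail closed.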
Single App Mode
• MDM can control
• In iOS 7, a managed app may request permission to go to single app mode: UIAccessibilityRequestGuidedAccessSession()
• Client demo mode, cash registers, specific employee roles, quizzes and exams
Single Sign-On
Built Into iOS
• App uses NSURLConnection and/or NSURLSession
• IT defines app bundle IDs on their MDM server
• Secured using Kerberos, password stored in the keychain, not inside the apps
• NSURLConnection is the backbone of AFNetworking, NSURLSession is extended in AFNetworking 2.0
Per-App VPN
Built Into iOS
[Diagram labels: App 1, App 2, App 3; VPN; Enterprise; Internet]
Control Data Usage
• Enterprises may want to limit how much cellular data their users consume
• urlRequest.allowsCellularAccess = NO;
• Another opportunity to use managed configuration profiles to give IT more control
Data Security
Built Into iOS
• Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstUserAuthentication in iOS 7
• Consider the sensitivity of each file or type of data you are saving
• NSFileProtectionNone: read or write anytime
• NSFileProtectionComplete: encrypted unless the device is unlocked
• NSFileProtectionCompleteUnlessOpen: if the file is open when unlocked, you may continue to access it even if the user locks the device.
• kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly keeps keychain secrets on one device
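
How the protection classes above are applied in code, as an added example that is not from the original slides. The helper names are hypothetical, and ARC on iOS is assumed.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Write sensitive data so it is readable only while the device is unlocked.
static BOOL WriteProtectedFile(NSData *data, NSURL *fileURL, NSError **error) {
    return [data writeToURL:fileURL
                    options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                      error:error];
}

// Raise the protection class of a file that already exists on disk.
static BOOL ProtectExistingFile(NSString *path, NSError **error) {
    NSDictionary *attrs = @{ NSFileProtectionKey : NSFileProtectionComplete };
    return [[NSFileManager defaultManager] setAttributes:attrs
                                            ofItemAtPath:path
                                                   error:error];
}

// Store a secret in the keychain with the device-only accessibility class
// named on the slide.
static OSStatus StoreDeviceOnlySecret(NSData *secret, NSString *service,
                                      NSString *account) {
    NSDictionary *match = @{
        (__bridge id)kSecClass       : (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService : service,
        (__bridge id)kSecAttrAccount : account,
    };
    SecItemDelete((__bridge CFDictionaryRef)match); // replace any earlier item

    NSMutableDictionary *item = [match mutableCopy];
    item[(__bridge id)kSecValueData] = secret;
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL);
}
```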
Managed “Open In”
• Not every business wants their “business” on Facebook
• Managed apps only share data with other managed apps
App Licensing
• Apple is now allowing volume purchasers to buy licenses that may expire and/or be reassigned to other users
• Opens up purchasing models for schools, others who may share and reuse devices
• If you support this model, you need to be aware of app revocation
Receipts and Revocation
• iOS 7 receipts now include volume purchase information
• Information that ties your app to this device is on the receipt
• Validate that the receipt is still valid using StoreKit
• You cannot quit the app if it’s invalid, but you can degrade the features/experience
Questions