Forbidden Apps

danny33c's picture

danny33c

Joined: Jul 13, 2016
WWW
Your rating: None (2 votes)

There are a number of apps out there, and new ones popping up all the time, that students are downloading for one reason or another. Mostly VPN apps to try and bypass our web filters. GBA4iOS is a little more innocuous, but does make the user change the time on their iPads to a date in the past.

We are blocking the install of Configuration Profiles which helps with VPNs. I also lock and disable features on the iPad if it is seen in inventory. It installs a Web Clip they click on that brings them to a page and explains why their iPad is disabled and how to get rid of it.

A new app I found yesterday is vShare. This is an app that allows you to pirate other apps, wants you to change the time on your iPad to a time in the past and installs a Provisioning Profile called "Anyone".

I would like to create this and start a list of apps that students use to bypass rules. A wiki of things that are Forbidden or otherwise screw up your configs. If this has already been done in another post please let me know, but I did not find anything. Here is my list so far:

VPN
GBA4iOS
vShare
Anyone - Provisioning profile

Top
Stunod7's picture

Stunod7

Joined: Oct 1, 2014

vShare

Your rating: None (4 votes)

Since vShare is a jailbreak app, you might want to consider disallowing jailbroken devices on your network. Could stop a large number of baddies with that.

Top
notoole's picture

notoole

Joined: Oct 6, 2014

Onavo

Your rating: None (3 votes)

Another one to add to the VPN list is Onavo Protect: https://itunes.apple.com/us/app/free-vpn-onavo-protect/id577491499?mt=8

Top
HCCSC John H's picture

HCCSC John H

Joined: Oct 23, 2013
WWW

Doing the 'Prevent

Your rating: None (1 vote)

Doing the 'Prevent Configuration Profile' has stopped a good number of those services for us on Student units. Also using our .pac file in our iOS Global Proxy I have blackholed a number of those URLS for VPN stuff.

John Humphrey
Apple Support Specialist
Huntington County Community Schools
Huntington IN

Top
danny33c's picture

danny33c

Joined: Mar 12, 2014
WWW

Re: Doing the 'Prevent

Your rating: None

Hi again John Smile

Yes, we have found the same thing with preventing the installation of config profiles. I have not found a VPN vendor that you can install the app and then manually configure the VPN settings. One had instructions, but they were very cryptic and it was a paid service.

Maybe a missing feature of our MDM is the ability to block the manual config of the VPN. Then it wouldn't be an issue at all.

Top
bander's picture

bander

Joined: Dec 12, 2014

Re: Forbidden Apps

Your rating: None (1 vote)

This is all great information. We are really struggling with "illegal app stores" at our school. Every time we block one like vShare, a new one seems to appear. Now, here are a few comments about what we're seeing:

1. The Prevent Configuration Profile setting did not block Provisioning Profiles such as vShare for us. We enabled it and was able to install the vShare Provisioning Profile and others multiple times.

2. The Prevent Configuration Profile setting blocks legit profiles from our MDM - we had to disable it before pushing out a new profile.

3. Some of the illegal app stores we've blocked in our filter-
pro.25pp.com
z.25pp.com
25pp.com
v.appvv.com
repo.appvv.com
ipastore.me
appaddict.org
dotdoh.com
iphonecake.com

4. I believe some of the provisioning profiles are serious malware because of this example: when we first started seeing students install from pp.com, Notability stopped working on the majority of those iPads. When we tried to open Notability, we were prompted to enter the Apple ID and password. We did enter the ID and password at first, but nothing happened, Notability would just crash. Then, we found the solution was to deleted/re-installed Notability and delete the pp Provisioning Profile. That worked every time for every iPad with pp.com. We never saw this same behavior on iPads that did not have pp.com.

5. I opened a call about this with Apple well over a year ago and gave them all the information we had at that time, including the info I just described in #4, but the last time I asked about the status of that ticket they told me it had been turned over to senior level engineers and closed.

I hope this helps. If anyone has additional information on this, please let me know!

Top
HCCSC John H's picture

HCCSC John H

Joined: Oct 23, 2013
WWW

Awesome listing!

Your rating: None

Awesome list! :-> I found some that we did not have in our filter yet. Interesting comment about the profiles providing a path for malware..Just wonderful.....As far as the 'Prevent Configuration Profile' in our case with our MDM - FileWave - it has not prevented any of the MDM profiles we push from being installed - thank goodness as that would be horrible - and it has seemed to prevent further Student installs of any of the rouge profiles, although I have not personally tested it......

John Humphrey
Apple Support Specialist
Huntington County Community Schools
Huntington IN

Top
danny33c's picture

danny33c

Joined: Mar 12, 2014
WWW

A couple updates to this list

Your rating: None

We have found a couple more apps that could potentially cause trouble for your students. I speak from very practical experience for which I can't go into detail. The apps kik and Tango are social media apps that, as of this writing, can't be blocked by a proxy, as they bypass proxy traffic. This should not be allow by Apple and I'm not sure how they get around it. kik is a 17+ app, so that may be managed by setting age restrictions, of course then the Google app will not work which is also 17+. Tango also bypasses proxy traffic, but is a 4+ app. This is ridiculous, and I would appreciate it if you took the time to put a request into Apple to get it reconsidered as I have. In iOS 8 - Apple release two protocols that may help block apps that bypass proxy traffic. IKEv2 and "Advanced Content Filtering". Our provider, Lightspeed, is aware of these protocols, but is waiting for Apple's "gold" release before implementing.

One more app that we found a few students had was YouNow. This is an incredibly scary app, install it on your iPad and see for yourself. I was able to block this with the URL pattern cdn2.younow.com -

We have banned most social media apps. We have started to install a webclip on their iPads if they install a forbidden app. The webclip is an exclamation point icon with school colors that brings them to a web page that list the app the forbidden app they have installed. When they remove the app the webclip goes away.

Hope this helps!

Top
danny33c's picture

danny33c

Joined: Mar 12, 2014
WWW

Re: Forbidden Apps

Your rating: None

I have a few more apps that we have blocked and you might want to take a look at -
TextNow - Texting, Social Media
Jott - Texting, Social Media
After School - Anonymous, social media posting

"After School" uses Facebook to verify the person using the app is actually a student at the school. It's a 17+ app and uses Facebook to verify identity. If you block Facebook or have restrictions set to 12+ you should be ok. Just be aware that they are able to use it on their personal devices.

Top

Who is online?

There are currently 0 admins, 0 users and 16 guests online. Connected users: .

Recent Activity