Forbidden Apps

Since vShare is a jailbreak app, you might want to consider disallowing jailbroken devices on your network. Could stop a large number of baddies with that.

Doing the 'Prevent Configuration Profile' has stopped a good number of those services for us on Student units. Also using our .pac file in our iOS Global Proxy I have blackholed a number of those URLS for VPN stuff.

This is all great information. We are really struggling with "illegal app stores" at our school. Every time we block one like vShare, a new one seems to appear. Now, here are a few comments about what we're seeing:

1. The Prevent Configuration Profile setting did not block Provisioning Profiles such as vShare for us. We enabled it and was able to install the vShare Provisioning Profile and others multiple times.

2. The Prevent Configuration Profile setting blocks legit profiles from our MDM - we had to disable it before pushing out a new profile.

3. Some of the illegal app stores we've blocked in our filter-
pro.25pp.com
z.25pp.com
25pp.com
v.appvv.com
repo.appvv.com
ipastore.me
appaddict.org
dotdoh.com
iphonecake.com

4. I believe some of the provisioning profiles are serious malware because of this example: when we first started seeing students install from pp.com, Notability stopped working on the majority of those iPads. When we tried to open Notability, we were prompted to enter the Apple ID and password. We did enter the ID and password at first, but nothing happened, Notability would just crash. Then, we found the solution was to deleted/re-installed Notability and delete the pp Provisioning Profile. That worked every time for every iPad with pp.com. We never saw this same behavior on iPads that did not have pp.com.

5. I opened a call about this with Apple well over a year ago and gave them all the information we had at that time, including the info I just described in #4, but the last time I asked about the status of that ticket they told me it had been turned over to senior level engineers and closed.

I hope this helps. If anyone has additional information on this, please let me know!

We have found a couple more apps that could potentially cause trouble for your students. I speak from very practical experience for which I can't go into detail. The apps kik and Tango are social media apps that, as of this writing, can't be blocked by a proxy, as they bypass proxy traffic. This should not be allow by Apple and I'm not sure how they get around it. kik is a 17+ app, so that may be managed by setting age restrictions, of course then the Google app will not work which is also 17+. Tango also bypasses proxy traffic, but is a 4+ app. This is ridiculous, and I would appreciate it if you took the time to put a request into Apple to get it reconsidered as I have. In iOS 8 - Apple release two protocols that may help block apps that bypass proxy traffic. IKEv2 and "Advanced Content Filtering". Our provider, Lightspeed, is aware of these protocols, but is waiting for Apple's "gold" release before implementing.

One more app that we found a few students had was YouNow. This is an incredibly scary app, install it on your iPad and see for yourself. I was able to block this with the URL pattern cdn2.younow.com -

We have banned most social media apps. We have started to install a webclip on their iPads if they install a forbidden app. The webclip is an exclamation point icon with school colors that brings them to a web page that list the app the forbidden app they have installed. When they remove the app the webclip goes away.

Hope this helps!