Forbidden Apps
There are a number of apps out there, and new ones popping up all the time, that students are downloading for one reason or another. Mostly VPN apps to try and bypass our web filters. GBA4iOS is a little more innocuous, but does make the user change the time on their iPads to a date in the past.
We are blocking the install of Configuration Profiles which helps with VPNs. I also lock and disable features on the iPad if it is seen in inventory. It installs a Web Clip they click on that brings them to a page and explains why their iPad is disabled and how to get rid of it.
A new app I found yesterday is vShare. This is an app that allows you to pirate other apps, wants you to change the time on your iPad to a time in the past and installs a Provisioning Profile called "Anyone".
I would like to create this and start a list of apps that students use to bypass rules. A wiki of things that are Forbidden or otherwise screw up your configs. If this has already been done in another post please let me know, but I did not find anything. Here is my list so far:
VPN
GBA4iOS
vShare
Anyone - Provisioning profile
Who is online?
There are currently 0 admins, 0 users and 201 guests online. Connected users: .Recent Activity
-
Mobile Management Provider changed by Frank Klotz 2 years ago
-
Mobile Management Provider changed by bugfrisch 2 years ago
-
Mobile Management Provider changed by taylor 2 years ago
-
Mobile Management Provider changed by dmlarry 2 years ago
-
Mobile Management Provider changed by codeproof 2 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by SteJohGbg 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by ZuluDesk 3 years ago
-
Wiki Page added by digitalmarketin... 3 years ago
-
Mobile Management Provider changed by Mahesh 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by Neeraj 3 years ago
-
Story added by DaddyOfThr33 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Mobile Management Provider changed by sb-miradore 3 years ago
-
Story comment by Aaron Freimark 3 years ago
-
Story added by Aaron Freimark 3 years ago
-
Story added by Aaron Freimark 3 years ago
Stunod7
vShare
Since vShare is a jailbreak app, you might want to consider disallowing jailbroken devices on your network. Could stop a large number of baddies with that.
notoole
Onavo
Another one to add to the VPN list is Onavo Protect: https://itunes.apple.com/us/app/free-vpn-onavo-protect/id577491499?mt=8
HCCSC John H
Doing the 'Prevent
Doing the 'Prevent Configuration Profile' has stopped a good number of those services for us on Student units. Also using our .pac file in our iOS Global Proxy I have blackholed a number of those URLS for VPN stuff.
John Humphrey
Apple Support Specialist
Huntington County Community Schools
Huntington IN
danny33c
Re: Doing the 'Prevent
Hi again John
Yes, we have found the same thing with preventing the installation of config profiles. I have not found a VPN vendor that you can install the app and then manually configure the VPN settings. One had instructions, but they were very cryptic and it was a paid service.
Maybe a missing feature of our MDM is the ability to block the manual config of the VPN. Then it wouldn't be an issue at all.
bander
Re: Forbidden Apps
This is all great information. We are really struggling with "illegal app stores" at our school. Every time we block one like vShare, a new one seems to appear. Now, here are a few comments about what we're seeing:
1. The Prevent Configuration Profile setting did not block Provisioning Profiles such as vShare for us. We enabled it and was able to install the vShare Provisioning Profile and others multiple times.
2. The Prevent Configuration Profile setting blocks legit profiles from our MDM - we had to disable it before pushing out a new profile.
3. Some of the illegal app stores we've blocked in our filter-
pro.25pp.com
z.25pp.com
25pp.com
v.appvv.com
repo.appvv.com
ipastore.me
appaddict.org
dotdoh.com
iphonecake.com
4. I believe some of the provisioning profiles are serious malware because of this example: when we first started seeing students install from pp.com, Notability stopped working on the majority of those iPads. When we tried to open Notability, we were prompted to enter the Apple ID and password. We did enter the ID and password at first, but nothing happened, Notability would just crash. Then, we found the solution was to deleted/re-installed Notability and delete the pp Provisioning Profile. That worked every time for every iPad with pp.com. We never saw this same behavior on iPads that did not have pp.com.
5. I opened a call about this with Apple well over a year ago and gave them all the information we had at that time, including the info I just described in #4, but the last time I asked about the status of that ticket they told me it had been turned over to senior level engineers and closed.
I hope this helps. If anyone has additional information on this, please let me know!
HCCSC John H
Awesome listing!
Awesome list! :-> I found some that we did not have in our filter yet. Interesting comment about the profiles providing a path for malware..Just wonderful.....As far as the 'Prevent Configuration Profile' in our case with our MDM - FileWave - it has not prevented any of the MDM profiles we push from being installed - thank goodness as that would be horrible - and it has seemed to prevent further Student installs of any of the rouge profiles, although I have not personally tested it......
John Humphrey
Apple Support Specialist
Huntington County Community Schools
Huntington IN
danny33c
A couple updates to this list
We have found a couple more apps that could potentially cause trouble for your students. I speak from very practical experience for which I can't go into detail. The apps kik and Tango are social media apps that, as of this writing, can't be blocked by a proxy, as they bypass proxy traffic. This should not be allow by Apple and I'm not sure how they get around it. kik is a 17+ app, so that may be managed by setting age restrictions, of course then the Google app will not work which is also 17+. Tango also bypasses proxy traffic, but is a 4+ app. This is ridiculous, and I would appreciate it if you took the time to put a request into Apple to get it reconsidered as I have. In iOS 8 - Apple release two protocols that may help block apps that bypass proxy traffic. IKEv2 and "Advanced Content Filtering". Our provider, Lightspeed, is aware of these protocols, but is waiting for Apple's "gold" release before implementing.
One more app that we found a few students had was YouNow. This is an incredibly scary app, install it on your iPad and see for yourself. I was able to block this with the URL pattern cdn2.younow.com -
We have banned most social media apps. We have started to install a webclip on their iPads if they install a forbidden app. The webclip is an exclamation point icon with school colors that brings them to a web page that list the app the forbidden app they have installed. When they remove the app the webclip goes away.
Hope this helps!
danny33c
Re: Forbidden Apps
I have a few more apps that we have blocked and you might want to take a look at -
TextNow - Texting, Social Media
Jott - Texting, Social Media
After School - Anonymous, social media posting
"After School" uses Facebook to verify the person using the app is actually a student at the school. It's a 17+ app and uses Facebook to verify identity. If you block Facebook or have restrictions set to 12+ you should be ok. Just be aware that they are able to use it on their personal devices.