Who Needs WWDC?
We'll have the latest news and gossip from WWDC straight from San Francisco. Connect with your fellow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired.
Thursday, June 21
5:30p Event Begins and Bar Opens. We will have drink tickets compliments of our sponsors.
6:30p Brief Introductions from Our Hosts
7:30p Move upstairs to the Ace Hotel lobby bar
Check out our afternoon event, iPad® in Business Briefing: How To Increase Revenue & Improve Employee Productivity, starting at 3:30p. Register for that event separately.
Ace Hotel (Liberty Hall)
20 West 29th Street at Broadway
New York, NY 10001
Update 2013 April 23: Greg has released the Apple ID Automation Builder as the successor to this AppleScript. Please check that out too!
Purpose & Features
Deploying a great quantity of iOS devices means creating a great quantity of Apple IDs. This script allows automated Apple ID creation from a spreadsheet. Apple IDs are created without a credit card, which is great for many deployments. There is a "dry run" feature to test the script without actually creating the Apple ID.
- IMPORTANT: Apple uses a velocity check to prevent too many Apple IDs from a single IP address. You must contact your Apple business representative to request that your IP address is whitelisted for a short time.
- Being AppleScript, this runs only on Macs.
- iTunes 10.7 is currently required. Future versions may break the script.
- UI Scripting allows us to script otherwise non-scriptable interfaces. Turn this on in System Preferences > Accessibility and check "Enable access for assistive devices."
- Apple has strong password requirements. Account creation will fail if the passwords are too weak.
A template CSV file is included. Fill out all columns, keeping the column headers, and save as CSV. Then run the script.
As of iTunes 10.6.1 Apple has required three security questions. The Batch Apple ID Creator allows you to choose the questions from the list below. Each question should be copied into the appropriate spreadsheet column (Security Question 1, 2 or 3) exactly as typed below.
Security Question 1
- What is the first name of your best friend in high school?
- What was the name of your first pet?
- What was the first thing you learned to cook?
- What was the first film you saw in the theater?
- Where did you go the first time you flew on a plane?
- What is the last name of your favorite elementary school teacher?
Security Question 2
- What is your dream job?
- What is your favorite children's book?
- What was the model of your first car?
- What was your childhood nickname?
- Who was your favorite film star or character in school?
- Who was your favorite singer or band in high school?
Security Question 3
- In what city did your parents meet?
- What was the first name of your first boss?
- What is the name of the street where you grew up?
- What is the name of the first beach you visited?
- What was the first album that you purchased?
- What is the name of your favorite sports team?
Errors are not handled gracefully. Although some errors are recoverable, if the script stops, it loses track of its progress. Edit the spreadsheet to continue.
At the end of this script, Apple will send a verification email to the Apple ID. To complete verification, click the link in the message, then re-enter the account address and password.
The files are downloadable from GitHub: https://github.com/aaronfreimark/Apple-ID-AppleScript Feel free to fork and improve.
This script was originally created by Enterprise iOS user Greg Moore, who works for Hope Public Schools in Hope, Arkansas. Aaron Freimark then updated the script to work with iTunes 10.6.1 and the multiple recovery questions. Discuss on EnterpriseiOS.com. This script or derivatives must not be sold. If you make it better, please give back to the community that brought it to you.
I have a question regarding the app distribution system via the App Store.
I have an app on the App Store which interacts with different client-servers at various locations. It functions such that version 1.0 of the iPhone app will be able to properly interact with version 1.0 of the client-server. Now the problem is that a few of my clients are late/reluctant in upgrading the server to which the iPhone users connect. Once I release an update (say 2.0) for my iPhone app, there are a few client-servers which are still running version 1.0. And if an end user of these clients installs the update (2.0) for his iPhone app (unknowingly; the client-server which he is going to connect to is still on 1.0), he makes his app unusable.
How to deal with these types of scenarios?
Can I develop my new updates to the application which interacts with the server before upgrading themselves OR can I develop something which automatically rolls back the update if the server version mismatches?
Kindly suggest how to deal with this problem!
Would be extremely grateful for your suggestions.
Apple has posted a white paper on iOS Security. The document is an overview of device booting, code signing, runtime security, encryption and data protection, keychain, configuration enforcement, and Mobile Device Management.
This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks.
Some fun excerpts:
- When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted.
- If one step of this boot process is unable to load or verify the next, boot-up is stopped and the device displays the “Connect to iTunes” screen. This is called recovery mode. If the Boot ROM is not even able to load or verify LLB, it enters DFU (Device Firmware Upgrade) mode. In both cases, the device must be connected to iTunes via USB and restored to factory default settings.
- To prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Personalization.
- To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate.
- At runtime, code signature checks of all executable memory pages are made as they are loaded to ensure that an app has not been modified since it was installed or last updated.
- All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. This prevents apps from gathering or modifying information stored by other apps.
- Each app has a unique home directory for its files, which is randomly assigned when the app is installed.
- The entire OS partition is mounted read-only.
- System shared library locations are randomized at each device startup.
- The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing.
- The UID is unique to each device and is not recorded by Apple or any of its suppliers. The UID allows data to be cryptographically tied to a particular device.
- The “Erase all content and settings” option in Settings obliterates all the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible.
- By setting up a device passcode, the user automatically enables Data Protection.
- Keychain items can only be shared between apps from the same developer.
- Because iOS achieves a reduced attack surface by limiting listening ports and removing unnecessary network utilities such as telnet, shells, or a web server, it doesn’t need firewall software.
- Administrators can enforce complex passcode requirements and other policies using MDM or Exchange ActiveSync,
President Barack Obama receives the Presidential Daily Briefing from Robert Cardillo, Deputy Director of National Intelligence for Intelligence Integration, in the Oval Office, Jan. 31, 2012. Part of the briefing was done using a tablet computer. (Official White House Photo by Pete Souza)
Also, the U.S. Government is going BYOD...
In the world of iOS corporate deployments, there is always a question about how the data is protected on those devices.
Apple’s answer to that problem is called Data Protection, a generic term that needs some explanation. I’d like to gather here the state of knowledge about that feature, so everybody can understand what “Data Protection” really is.
To make it simple, since iPhone 3GS every iOS device produced includes a dedicated AES-256 cryptographic chip that is used by the OS itself or third-party applications using some APIs.
The OS uses this chip to encrypt all data on the device using the UID (which is unique) of the device to generate the encryption key.
Data Protection is only an additional layer that allows (or forces) the user, by choosing a passcode, to protect the iOS encryption key itself.
Here are some of the most interesting articles/documents on that subject so that you can get a better idea of what Data Protection really is and what it can do:
- Apple: Understanding iOS Data Protection
- Elcomsoft: overcoming iOS Data Protection
- SOGETI: iOS Data Protection in depth
- SOGETI: iOS 5 data protection updates
- SECUREOSIS: Defending iOS Data
And we maintain a List of Apps that support Apple Data Protection.
(originally via iOS4Business.)
User-Agent strings are a standard part of HTTP used to identify a particular client to the web server. The web server can then choose to send customized content to that device.
iOS sends specific User-Agent strings that can identify the specific device and version of iOS. The following tables list the iOS UA prefixes.
| User-Agent prefix | Apple product |
| --- | --- |
| Apple-iPhone/ | iPhone, 3G or 3GS with iOS 3.x |
| Apple-iPhone1C2/ | iPhone 3G with iOS 4.x |
| Apple-iPhone2C1/ | iPhone 3GS with iOS 4.x |
| Apple-iPhone3C1/ | iPhone 4 GSM |
| Apple-iPhone3C2/ | iPhone 4 GSM |
| Apple-iPhone3C3/ | iPhone 4 CDMA |
| Apple-iPhone5C1/ | iPhone 5 GSM |
| Apple-iPhone5C2/ | iPhone 5 CDMA |
| Apple-iPhone5C3/ | iPhone 5C GSM |
| Apple-iPhone5C4/ | iPhone 5C CDMA |
| Apple-iPhone6C1/ | iPhone 5S GSM |
| Apple-iPhone6C2/ | iPhone 5S CDMA |
| Apple-iPod/ | iPod touch 1st, 2nd or 3rd generation with iOS 3.x |
| Apple-iPod2C1/ | iPod touch 2nd generation with iOS 4.x |
| Apple-iPod3C1/ | iPod touch 3rd generation with iOS 4.x |
| Apple-iPod4C1/ | iPod touch 4th generation |
| Apple-iPod5C1/ | iPod touch 5th generation |
| Apple-iPad/ | iPad with iOS 3.2.x |
| Apple-iPad1C1/ | iPad with iOS 4.2.x |
| Apple-iPad2C1/ | iPad 2 WiFi |
| Apple-iPad2C2/ | iPad 2 WiFi + 3G GSM |
| Apple-iPad2C3/ | iPad 2 WiFi + 3G CDMA |
| Apple-iPad2C4/ | iPad Mini - WIFI |
| Apple-iPad2C5/ | iPad Mini - WIFI + LTE |
| Apple-iPad3C1/ | iPad (3rd generation) WiFi |
| Apple-iPad3C2/ | iPad (3rd generation) WiFi + 4G Verizon / International |
| Apple-iPad3C3/ | iPad (3rd generation) WiFi + 4G AT&T / International |
| Apple-iPad3C4/ | iPad (4th Gen, WiFi Only) |
| Apple-iPad3C5/ | iPad (4th Gen, GSM, NA LTE) |
| Apple-iPad3C6/ | iPad (4th Gen, CDMA, LTE) |
| Apple-iPad4C1/ | iPad Air - WiFi |
| Apple-iPad4C2/ | iPad Air - WiFi + LTE |
| Apple-iPad4C4/ | iPad Mini with Retina Display - WIFI |
| Apple-iPad4C5/ | iPad Mini with Retina Display - WIFI + LTE |
Below is the complete list of known iOS UA identifiers.
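As an added example (not code from the original page or site), the following Python parses the prefix grammar seen in the table and triages access-log entries into per-model counts, bare legacy prefixes (which the table ties to iOS 3.x) and strings that do not match. The names `parse_ios_ua` and `triage`, the tab-separated log format, the text after the slash, and the reading of `C` as the comma of the hardware model identifier are assumptions.

```python
import re
from collections import Counter

# Prefix grammar taken from the table above: "Apple-" + family + optional
# "<major>C<minor>" + "/". Whatever follows the slash is treated as opaque.
UA_RE = re.compile(r"^Apple-(iPhone|iPod|iPad)(?:(\d+)C(\d+))?/(\S*)")

# Bare prefixes (no model digits) and the iOS version the table ties them to.
LEGACY_NOTE = {"iPhone": "iOS 3.x", "iPod": "iOS 3.x", "iPad": "iOS 3.2.x"}

def parse_ios_ua(ua):
    """Return a dict describing an iOS User-Agent, or None if it does not match."""
    m = UA_RE.match(ua.strip())
    if not m:
        return None
    family, major, minor, rest = m.groups()
    if major is None:
        return {"family": family, "model": None, "legacy": LEGACY_NOTE[family], "rest": rest}
    # Assumption: the "C" stands in for the comma of the hardware model id.
    return {"family": family, "model": f"{family}{int(major)},{int(minor)}", "legacy": None, "rest": rest}

def triage(lines):
    """Split log lines into per-model counts, legacy devices and unparsed UAs."""
    models, legacy, unparsed = Counter(), [], []
    for line in lines:
        user, _, ua = line.partition("\t")
        info = parse_ios_ua(ua)
        if info is None:
            unparsed.append((user, ua))
        elif info["legacy"]:
            legacy.append((user, info["family"], info["legacy"]))
        else:
            models[info["model"]] += 1
    return models, legacy, unparsed

# Constructed sample input: "user<TAB>User-Agent"; the text after "/" is made up.
SAMPLE = [
    "alice\tApple-iPhone3C1/0000.000",
    "bob\tApple-iPad2C1/0000.000",
    "carol\tApple-iPad/0000.000",
    "dave\tApple-iPhone3C1/0000.000",
    "eve\tMozilla/5.0 (iPhone; CPU iPhone OS 5_1 like Mac OS X)",
    "frank\tApple-iPhone3C1x/0000.000",
]

if __name__ == "__main__":
    models, legacy, unparsed = triage(SAMPLE)
    print(dict(models), legacy, unparsed, sep="\n")
```

Because the client sets the User-Agent header, treat the result as inventory data rather than proof of device identity.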
Exchange ActiveSync (EAS) is an XML-based protocol that communicates over HTTP (or HTTPS) designed for the synchronization of email, contacts, calendar, tasks and notes from a messaging server to a mobile device. The protocol also provides mobile device management and policy controls. (— Wikipedia, which has a useful history of Exchange ActiveSync versions.)
| iOS Version | Exchange ActiveSync protocol version |
| --- | --- |
| iOS 3.x | v2.5, v12.1 |
| iOS 4.x | v2.5, v12.1, v14.0 |
| iOS 5.x | v2.5, v12.1, v14.0 |
Pencil in your calendars or tap into iCal: our virtual community is going live with a flesh-and-blood (not too much blood I hope) meet-up on June 21 in New York City. Connect with your fellow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired. We'll have a sponsor or two so the drinks will be free!
5:30 – 8:00 PM in the Flatiron District. I will post more details very soon.
The MDM has overshadowed the real dilemma - what solution will provide the same type of service RIM has provided over several years?
Before we can discuss mobile device management we have to provide the email delivery in a timely manner that users have come to expect.
We have looked at the sandbox approach (GoodLink) and the ActiveSync native client solutions (McAfee).
Does anyone know of any other vendors that deliver email from the messaging system to the smartphones besides these two?
I wrote a blog post here that I will repost:
With iOS 6 likely to be announced in a few weeks, I thought I’d explain my wish list from an education/enterprise perspective. Apple has quietly beefed up what mobile device management systems can do with each version of iOS (a lot of new things in iOS 5).
1. The ability to disable automatic Software Update (or require passcode to download)
While I love the ability to do over the air iOS updates, I also want to control when it happens. I don’t want a student to be able to install an update that I have not tested with our mission critical applications.
2. Install apps wirelessly with volume purchase program codes with no interaction from end user
While a lot of MDM providers have the ability to push apps to devices, they still require the end user to enter an iTunes password. I want to be able to silently install (and update) applications without an end user having to do anything.
3. Google Apps style iCloud account creation
While I love iCloud for personal use, it is tough to use in an education/enterprise setup. The users either have to create their own account (most won’t do it) or I have to do it and then I will be responsible for keeping up with their information. Google Apps gives me all the benefits of a Google account while also being able to have control (set permissions, reset passwords, etc). I would love to be able to do this for iCloud.
4. Require pass code to enter Settings.app (or a toggle switch to turn off each setting individually)
This has become an issue with students using school owned iPads (cart scenario). Some of the students have found their way into the universal access section and changed some of those settings. I’d prefer to be able to lock them out of Settings.app in general. Apple currently allows me to lock down Mail, Twitter, and iCloud.
Whether you BYOD or not, Mobile Device Management is a crucial tool for managing iOS in the enterprise. And if you are doing research, our own Comparison of MDM Providers is one of the best resources we know of. The community-generated chart now lists 30 providers, and compares them by dozens of features. And today we added the ability to peruse offline with a PDF download.
We've gotten close to 100,000 views of the comparison, and as you can tell we're pretty proud of it. It is the result of an ongoing community project with dozens of contributors. Sign in with an account, and you can help improve each vendor's information.
I spoke with Apple today regarding how apps that have a temporary price reduction to free affect Apple Configurator. Here was the response I got:
Apple Configurator checks to see if the app is free at the moment you import the app into Apple Configurator. If a free app is imported and Apple Configurator finds that it is no longer free, you will be required to import VPP app codes for it. If the app is still free as you import it then it stays free forever on that particular computer. Each computer does this check independently.