Apple has announced iOS 6, in developer preview today and shipping this fall. The full keynote address is available. Several features announced, and/or visible from the presentation, are relevant to business. (Note the developer preview is covered by Apple's non-disclosure agreement. This site respects the NDA and we will discuss only publicly-announced information.)
Apple's voice-enabled "personal assistant" Siri is has received some tutoring. Already on the iPhone 4S, it is coming to the new iPad (3rd Gen.). It can now integrate with Open Table to make restaurant reservations, sure to impress your customers. And for business trips, Siri will be integrated into the steering wheel button for 2014-model cars from several auto makers.
Photo Stream, one of the most helpful innovations of iOS 5, now works with shared groups. Group members can then comment on photos. This is going to be a killer feature for field teams working with photos. Photo upload now works within web forms too (particularly welcome for bloggers like me!).
FaceTime, currently WiFi only, will work over cellular too. Expect your data caps to be hit very quickly. This may be a great time to plan centralized telephony management.
For meetings, the iOS Phone app (yes, it is an app) gets some enhancements as well. When a call comes in, you can choose to Answer or Decline, or "Reply with Message." There's also a "Do Not Disturb" feature to send all calls (except for favorites) direct to voicemail during particular times.
Mail gets a "VIP Inbox" and per-account signatures. Also password-protected Microsoft Office docs can now be opened.
In iOS 6 the Maps app includes turn by turn navigation, 3D maps, flyover, and Siri integration.
Accessibility is already fantastic on iOS, but even this gets improvements. Look for a kiosk mode to disable hardware buttons — possibility a useful features even for non-disabled users.
Finally, some little tidbits mentioned in a quick slide (shown above): IPv6 support over WiFi and LTE, global HTTP proxies ought to force corporate security policies.
iOS 6 is expected this fall, and will work with the following devices:
- iPhone 3GS and later
- iPad 2nd & 3rd Gen
- iPod touch 4th Gen.
Hi guys, I am working for a software company, which is currently thinking about cooperating with MobileIron or possibly AirWatch. Basically my company is building a tool that allows people to create apps and we'd like to give users a "one click publish" to MDM products like Mobile Iron and AirWatch. I'm wondering if there's a way to connect the two systems to make this possible. For example, is there specific data we need to send with the app file to Mobile Iron or AirWatch?
A use case would be:
1. I create my app in my creation tool.
2. When I'm done I click a "publish" button.
3. The app is automatically saved up to the MDM.
4. The MDM administrator can use the normal process for that MDMD to
deploy it to users.
Some words please? Thanks a lot!
Who Needs WWDC?
We'll have the latest news and gossip from WWDC straight from San Francisco. Connect with your fellow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired.
Thursday, June 21
5:30p Event Begins and Bar Opens. We will have drink tickets compliments of our sponsors.
6:30p Brief Introductions from Our Hosts
7:30p Move upstairs Ace Hotel lobby bar
Check out our afternoon event, iPad® in Business Briefing: How To Increase Revenue & Improve Employee Productivity, starting at 3:30p. Register for that event separately.
Ace Hotel (Liberty Hall)
20 West 29th Street at Broadway
New York, NY 10001
Update 2013 April 23: Greg has released the Apple ID Automation Builder as the successor to this AppleScript. Please check that out too!
Purpose & Features
Deploying a great quantity of iOS devices means creating a great quantity of Apple IDs. This script allows automated Apple ID creation from a spreadsheet. Apple IDs are created without a credit card, which is great for many deployments. There is a "dry run" feature to test the script without actually creating the Apple ID.
- IMPORTANT: Apple uses a velocity check to prevent too many Apple IDs from a single IP address. You must contact your Apple business representative to request that your IP address is whitelisted for a short time.
- Being AppleScript, this runs only on Macs.
- iTunes 10.7 is currently required. Future versions may break the script.
- UI Scripting allows us to script otherwise non-scriptbale interfaces. Turn this on in System Preferences > Accessibility and check "Enable access for assistive devices."
- Apple has strong password requirements. Account creation will fail if the passwords are too weak.
A template CSV file is included. Fill out all columns, keeping the column headers, and save as CSV. Then run the script.
As of iTunes 10.6.1 Apple has required three security questions. The Batch Apple ID Creator allows you to choose the questions from the list below. Each question should be copied into the appropriate spreadsheet column (Security Question 1, 2 or 3) exactly as typed below.
Security Question 1
- What is the first name of your best friend in high school?
- What was the name of your first pet?
- What was the first thing you learned to cook?
- What was the first film you saw in the theater?
- Where did you go the first time you flew on a plane?
- What is the last name of your favorite elementary school teacher?
Security Question 2
- What is your dream job?
- What is your favorite children's book?
- What was the model of your first car?
- What was your childhood nickname?
- Who was your favorite film star or character in school?
- Who was your favorite singer or band in high school?
Security Question 3
- In what city did your parents meet?
- What was the first name of your first boss?
- What is the name of the street where you grew up?
- What is the name of the first beach you visited?
- What was the first album that you purchased?
- What is the name of your favorite sports team?
Errors are not handled gracefully. Although some errors are recoverable, if the script stops, it loses track of its progress. Edit the spreadsheet to continue.
At the end of this script, Apple will send a verification email to the Apple ID. To complete verification, click the link in the message, then re-enter the account address and password.
The files are downloadable from GitHub: https://github.com/aaronfreimark/Apple-ID-AppleScript Feel free to fork and improve.
This script was originally created by Enterprise iOS user Greg Moore, who works for Hope Public Schools in Hope, Arkansas. Aaron Freimark then updated the script to work with iTunes 10.6.1 and the multiple recovery questions. Discuss on EnterpriseiOS.com. This script or derivatives must not be sold. If you make it better, please give back to the community that brought it to you.
I have an question regarding app distribution system via app store.
I have an app on app store which interacts with a different client-servers at various locations. It functions like version 1.0 of iphone app will be able to properly interact with version 1.0 of the client-server. Now the problem is few of my clients are late/reluctant in upgrading their server to which the iphone users connect. Once I release an update(say 2.0 ) for my iphone app there are few client-server which are still running 1.0 version. And if the end users of these clients installs the update (2.0 ) for his iphone app (unknowingly, the client-server which he is gonna connect to is still on 1.0 ), he makes his app unusable.
how to deal with these types of scenarios?
Can I develop my new updates to the application which interacts with the server before upgrading themselves OR can I develop something which automatically rolls back the update if server version mismatches?
Kindly suggest how to deal with this problem!
Would extremely grateful for your suggestions.
Apple has posted a white paper on iOS Security. The document is an overview of device booting, code signing, runtime security, encryption and data protection, keychain, configuration enforcement, and Mobile Device Management.
This document provides details about how security technology and features are implemented within the iOS platform. It also outlines key elements that organizations should understand when evaluating or deploying iOS devices on their networks.
Some fun excerpts:
- When an iOS device is turned on, its application processor immediately executes code from read-only memory known as the Boot ROM. This immutable code is laid down during chip fabrication, and is implicitly trusted.
- If one step of this boot process is unable to load or verify the next, boot-up is stopped and the device displays the “Connect to iTunes” screen. This is called recovery mode. If the Boot ROM is not even able to load or verify LLB, it enters DFU (Device Firmware Upgrade) mode. In both cases, the device must be connected to iTunes via USB and restored to factory default settings.
- To prevent devices from being downgraded to older versions that lack the latest security updates, iOS uses a process called System Software Personalization.
- To ensure that all apps come from a known and approved source and have not been tampered with, iOS requires that all executable code be signed using an Apple-issued certificate.
- At runtime, code signature checks of all executable memory pages are made as they are loaded to ensure that an app has not been modified since it was installed or last updated.
- All third-party apps are “sandboxed,” so they are restricted from accessing files stored by other apps or from making changes to the device. This prevents apps from gathering or modifying information stored by other apps.
- Each app has a unique home directory for its files, which is randomly assigned when the app is installed.
- The entire OS partition is mounted read-only.
- System shared library locations are randomized at each device startup.
- The device’s unique ID (UID) and a device group ID (GID) are AES 256-bit keys fused into the application processor during manufacturing.
- The UID is unique to each device and is not recorded by Apple or any of its suppliers. The UID allows data to be cryptographically tied to a particular device.
- The “Erase all content and settings” option in Settings obliterates all the keys in Effaceable Storage, rendering all user data on the device cryptographically inaccessible.
- By setting up a device passcode, the user automatically enables Data Protection.
- Keychain items can only be shared between apps from the same developer.
- Because iOS achieves a reduced attack surface by limiting listening ports and removing unnecessary network utilities such as telnet, shells, or a web server, it doesn’t need firewall software.
- Administrators can enforce complex passcode requirements and other policies using MDM or Exchange ActiveSync,
President Barack Obama receives the Presidential Daily Briefing from Robert Cardillo, Deputy Director of National Intelligence for Intelligence Integration, in the Oval Office, Jan. 31, 2012. Part of the briefing was done using a tablet computer. (Official White House Photo by Pete Souza)
Also, the U.S. Government is going BYOD...
In the world of iOS corporate deployments, there is always a question about how the data is protected on those devices.
The Apple’s answer to that problem is called : Data Protection. A generic term that would need some explanation. I’d like to gather here the state of knowledge about that feature, so everybody can understand what « Data Protection » really is.
To make it simple, since iPhone 3GS every iOS device produced includes a dedicated AES-256 cryptographic chip that is used by the OS itself or third-party applications using some APIs.
The OS uses this chip to encrypt all data on the device using the UID (which is unique) of the device to generate the encryption key.
Data Protection is only an additional layer that allow (or force) the user, by choosing a passcode, to protect the iOS encryption key itself.
Here are some of the most interesting articles/documents on that subject so that you can get a better idea of what Data Protection really is and what it can do:
- Apple: Understanding iOS Data Protection
- Elcomsoft: overcoming iOS Data Protection
- SOGETI: iOS Data Protection in depth
- SOGETI: iOS 5 data protection updates
- SECUREOSIS: Defending iOS Data
And we maintain a List of Apps that support Apple Data Protection.
(originally via iOS4Business.)
User-Agent strings are a standard part of HTTP used to identify a particular client to the web server. The web server can then choose to send customized content to that device.
iOS sends specific User-Agent strings that can identify the specific device and version of iOS. The following tables list the iOS UA prefixes.
|User-Agent prefix||Apple product|
|Apple-iPhone/||iPhone, 3G or 3GS with iOS 3.x|
|Apple-iPhone1C2/||iPhone 3G with iOS 4.x|
|Apple-iPhone2C1/||iPhone 3GS with iOS 4.x|
|Apple-iPhone3C1/||iPhone 4 GSM|
|Apple-iPhone3C2/||iPhone 4 GSM|
|Apple-iPhone3C3/||iPhone 4 CDMA|
|Apple-iPhone5C1/||iPhone 5 GSM|
|Apple-iPhone5C2/||iPhone 5 CDMA|
|Apple-iPhone5C3/||iPhone 5C GSM|
|Apple-iPhone5C4/||iPhone 5C CDMA|
|Apple-iPhone6C1/||iPhone 5S GSM|
|Apple-iPhone6C2/||iPhone 5S CDMA|
|Apple-iPhone7C1/||iPhone 6+ CDMA|
|Apple-iPhone7C2/||iPhone 6 CDMA|
|Apple-iPod/||iPod touch 1st, 2nd or 3rd generation with iOS 3.x|
|Apple-iPod2C1/||iPod touch 2nd generation with iOS 4.x|
|Apple-iPod3C1/||iPod touch 3rd generation with iOS 4.x|
|Apple-iPod4C1/||iPod touch 4th generation|
|Apple-iPod5C1/||iPod touch 5th generation|
|Apple-iPad/||iPad with iOS 3.2.x|
|Apple-iPad1C1/||iPad with iOS 4.2.x|
|Apple-iPad2C1/||iPad 2 WiFi|
|Apple-iPad2C2/||iPad 2 WiFi + 3G GSM|
|Apple-iPad2C3/||iPad 2 WiFi + 3G CDMA|
|Apple-iPad2C4/||iPad Mini - WIFI|
|Apple-iPad2C5/||iPad Mini - WIFI + LTE|
|Apple-iPad3C1/||iPad (3rd generation) WiFi|
|Apple-iPad3C2/||iPad (3rd generation) WiFi + 4G Verizon / International|
|Apple-iPad3C3/||iPad (3rd generation) WiFi + 4G AT&T / International|
|Apple-iPad3C4/||iPad (4th Gen, WiFi Only)|
|Apple-iPad3C5/||iPad (4th Gen, GSM, NA LTE)|
|Apple-iPad3C6/||iPad (4th Gen, CDMA, LTE)|
|Apple-iPad4C1/||iPad Air - WiFi|
|Apple-iPad4C2/||iPad Air - WiFi + LTE|
|Apple-iPad4C4/||iPad Mini with Retina Display - WIFI|
|Apple-iPad4C5/||iPad Mini with Retina Display - WIFI + LTE|
Below is the complete list of known iOS UA identifiers.
Exchange ActiveSync (EAS) is an XML-based protocol that communicates over HTTP (or HTTPS) designed for the synchronization of email, contacts, calendar, tasks and notes from a messaging server to a mobile device. The protocol also provides mobile device management and policy controls. (— Wikipedia, which has a useful history of Exchange ActiveSync versions.)
|iOS Version||Exchange ActiveSync protocol version|
|iOS 3.x||v2.5, v12.1|
|iOS 4.x||v2.5, v12.1, v14.0|
|iOS 5.x||v2.5, v12.1, v14.0|
Pencil in your calendars or tap into iCal: our virtual community is going live with a flesh-and-blood (not too much blood I hope) meet-up in June 21 in New York City. Connect with your follow iOS masters, swap stories from the trenches, kibbitz about the announcements from WWDC, and get inspired. We'll have a sponsor or two so the drinks will be free!
5:30 – 8:00 PM in the Flatiron District. I will post more details very soon.
The MDM has overshadowed the real dilemma - what solution will provide the same type of service RIM has provided over several years?
Before we can discuss mobile device management we have to provide the email delivery in a timely manner that users have come to expect.
We have looked at the sandbox approach (GoodLink) and the ActivSync native client solutions (McAfee).
Does anyone know of any other vendors that deliver email from the messaging system to the smartphones besides these two?
I wrote a blog post: here that I will repost:
With iOS 6 likely to be announced in a few weeks, I thought I’d explain my wish list from an education/enterprise perspective. Apple has quietly beefed up what mobile device management systems can do with each version of iOS (a lot of new things in iOS 5).
1. The ability to disable automatic Software Update (or require passcode to download)
While I love the ability to do over the air iOS updates, I also want to control when it happens. I don’t want a student to be able to install an update that I have not tested with our mission critical applications.
2. Install apps wirelessly with volume purchase program codes with no interaction from end user
While a lot of MDM providers have the ability to push apps to devices, they still require the end user to enter an iTunes password. I want to be able to silently install (and update) applications without an end user having to do anything.
3. Google Apps style iCloud account creation
While I love iCloud for personal use, it is tough use to use in an education/enterprise setup. The users either have to create their own account (most won’t do it) or I have to do it and then I will be responsible for keeping up with their information. Google Apps gives me all the benefits of a Google account while also being able to have control (set permissions, reset passwords, etc). I would love to be able to do this for iCloud
4. Require pass code to enter Settings.app (or a toggle switch to turn off each setting individually)
This has become an issue with students using school owned iPads (cart scenario). Some of the students have found their way into the universal access section and changed some of those settings. I’d prefer to be able to lock them out of Settings.app in general. Apple currently allows me to lock down Mail, Twitter, and iCloud.
- Comparison of MDM Providers (773,833)
- Complete List of iOS User-Agent Strings (394,008)
- How to get remote viewing/control of the IPAD screen via internet or preferably 3G? (253,723)
- Apple Configurator vs. MDM (156,980)
- iOS Devices (134,810)
- Mobile Device Management (100,004)
- Apple Profile Manager (97,772)
- Batch Apple ID Creator (90,584)
- Gartner Magic Quadrant for MDM (2014, 2012, 2011) (87,939)
- SimpleMDM (84,529)
Mobile Management Provider changed by 7PMDM 2 days ago
Mobile Management Provider changed by taylor 1 week ago
Story added by Aaron Freimark 1 week ago
Mobile Management Provider changed by taylor 1 week ago
Mobile Management Provider changed by MDMforALL 1 week ago
Story added by Aaron Freimark 2 weeks ago
Story added by Aaron Freimark 3 weeks ago
Story added by brendan 3 weeks ago
Story added by Aaron Freimark 4 weeks ago
Story added by Aaron Freimark 4 weeks ago
Wiki Page changed by Aaron Freimark 4 weeks ago
Forum topic added by taylor 5 weeks ago
Forum topic added by Mahesh 6 weeks ago
Story comment by taylor 7 weeks ago
Wiki Page changed by Aaron Freimark 7 weeks ago
Story added by Aaron Freimark 7 weeks ago
Mobile Management Provider changed by Aaron Freimark 7 weeks ago
Forum topic comment by Elizabeth Hale 23 weeks ago
Mobile Management Provider changed by Simo Kari 24 weeks ago
Forum topic comment by jpref 24 weeks ago