Creating Enterprise Friendly iOS Apps
MoDevEast 2013
December 12, 2013
About Me
Tony Lenzi
Technical Lead and iOS Developer
tony.lenzi@gmail.com
@tonylenzi

  1. Creating Enterprise Friendly iOS Apps
     MoDevEast 2013, December 12, 2013
  2. About Me
     Tony Lenzi, Technical Lead and iOS Developer
     tony.lenzi@gmail.com, @tonylenzi
  3. Increasing Demand
     • 57% of CIOs say that mobile devices and apps are a high priority or essential to their strategic agenda
     • 89% of enterprises support email on mobile phones and tablets
     • Communications and productivity apps dominate
     Source: “Managing the Complete Customer Experience”, Peggy Anne Salz, GigaOm Research
  4. Apps Deliver Value
     • Organizations want apps that enable interactions that deliver value to their company and their customers
     • Employees are customers too
     • MDM solutions make it easier for IT to manage
  5. “I want a Blackberry experience on iOS.” - IT integrator at a Fortune 500
  6. IT Crackberry
     • Easy to configure and distribute
     • Minutes, not hours
     • IT always has control of data on the device
     • Normally purchased and owned by the company
     • Device separation
  7. Information Security: Confidentiality, Integrity, Availability
  8. What’s Changed
  9. User Expectations
     • Rapidly evolving apps that consumers use every day
     • Emphasis on words like “delight”, “engaging”, and “experience”
     • Why can’t I do this on my phone or tablet?
  10. Enterprises need the benefits delivered by consumer driven apps, but they also need to retain some of the protections provided by traditional enterprise software.
  11. Data separation, not device separation, enables users and protects the enterprise. How can we enable enterprises to control the use of their data in our apps?
  12. iOS 7 in the Enterprise
     • Management
     • Authentication
     • Networking
     • Data Security
  13. Mobile Device Management
     • Allows IT to manage devices, (un)install apps and data
     • Single Sign-On
     • Per-app VPN
     • Managed “Open In”
     • iOS 7 allows pushing configuration files to managed apps
  14. App Configuration
     • Read a configuration dictionary from an MDM server using [[NSUserDefaults standardUserDefaults] objectForKey:@"com.apple.configuration.managed"]
     • Listen for changes using NSUserDefaultsDidChangeNotification
  15. Config Use Cases
     • Disable iCloud sharing
     • Bootstrap URLs for services
     • Company file share location
     • Things IT may want to customize to make your app usable on the first run
  16. // config pushed by MDM stored here
      NSDictionary *mdmConfig = [[NSUserDefaults standardUserDefaults]
          dictionaryForKey:@"com.apple.configuration.managed"];

      NSNumber *enableCloudSync = mdmConfig[@"enableCloudSync"];

      // check that it exists and is the correct type
      if (enableCloudSync && [enableCloudSync isKindOfClass:[NSNumber class]]) {
          // …
      } else {
          // set default value for when unmanaged
      }
  17. App Feedback
     • Write feedback to NSUserDefaults key com.apple.feedback.managed
     • MDM server will read this dictionary from managed apps
     • Error and usage statistics
     • Aggregate and respect privacy
  18. - (void)webServiceTimeOut {
          self.timeOutCount += 1;
          // start from the feedback dictionary already stored, if any
          NSMutableDictionary *feedback = [[[NSUserDefaults standardUserDefaults]
              dictionaryForKey:@"com.apple.feedback.managed"] mutableCopy];

          if (!feedback) {
              feedback = [NSMutableDictionary dictionary];
          }

          feedback[@"timeOutCount"] = @(self.timeOutCount);
          [[NSUserDefaults standardUserDefaults] setObject:feedback
              forKey:@"com.apple.feedback.managed"];
      }
  19. and remember…
     • NSUserDefaults is unprotected
     • Check the defaults every time the app starts
     • Validate your input types and values
     • Keep it small
     • Document your configurable settings
  20. Single App Mode
     • MDM can control
     • In iOS 7, a managed app may request permission to go to single app mode: UIAccessibilityRequestGuidedAccessSession()
     • Client demo mode, cash registers, specific employee roles, quizzes and exams
  21. Single Sign-On Built Into iOS!
     • App uses NSURLConnection and/or NSURLSession
     • IT defines app bundle IDs on their MDM server
     • Secured using Kerberos, password stored in the keychain, not inside the apps
     • NSURLConnection is the backbone of AFNetworking, NSURLSession is extended in AFNetworking 2.0
  22. Per-App VPN Built Into iOS (diagram: App 1, App 2, App 3, VPN, Internet, Enterprise)
  23. Control Data Usage
     • Enterprise users may want to limit how much cellular data their users use
     • urlRequest.allowsCellularAccess = NO;
     • Another opportunity to use managed configuration profiles to give IT more control
  24. Data Security Built Into iOS!
     • Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstUserAuthentication in iOS 7
     • Consider the sensitivity of each file or type of data you are saving
  25. • NSFileProtectionNone: read or write anytime
     • NSFileProtectionComplete: encrypted unless the device is unlocked
     • NSFileProtectionCompleteUnlessOpen: if the file is open when unlocked, you may continue to access it even if the user locks the device.
     • kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly: keeps keychain secrets on one device
  26. Managed “Open In”
     • Not every business wants their “business” on Facebook
     • Managed apps only share data with other managed apps
  27. App Licensing
     • Apple is now allowing volume purchasers to buy licenses that may expire and/or be reassigned to other users
     • Opens up purchasing models for schools, others who may share and reuse devices
     • If you support this model, you need to be aware of app revocation
  28. Receipts and Revocation
     • iOS 7 receipts now include volume purchase information
     • Information that ties your app to this device is on the receipt
     • Validate that the receipt is still valid using StoreKit
     • You cannot quit the app if it’s invalid, but you can degrade the features/experience
  29. Questions
  30. References
     • “Extending your Apps for Enterprise and Education Use”, Session 301, WWDC 2013
     • “Managing Apple Devices”, Session 300, WWDC 2013
     • “Using Receipts to Protect Digital Sales”, Session 308, WWDC 2013
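
Slides 14 to 19 and 23 describe reading the managed configuration, validating its types and values, and letting IT control cellular use. The following is an added example, not code from the talk, that treats every managed value as untrusted input and falls back to a safe default. The key names "allowCellular" and "serviceURL", the example.com URLs and the ManagedSettings class are assumptions; only "enableCloudSync" appears on the slides.

```objc
#import <Foundation/Foundation.h>

// "enableCloudSync" is the key shown on the slides; "allowCellular" and
// "serviceURL" are assumed key names for this example.
@interface ManagedSettings : NSObject
@property (nonatomic, readonly) BOOL enableCloudSync;
@property (nonatomic, readonly) BOOL allowCellular;
@property (nonatomic, readonly) NSURL *serviceURL; // nil if absent or rejected
+ (instancetype)settingsFromConfig:(NSDictionary *)config;
@end

@implementation ManagedSettings
// The defaults store is unprotected, so each value is untrusted input:
// a wrong type or out-of-policy value falls back to the unmanaged default.
+ (instancetype)settingsFromConfig:(NSDictionary *)config {
    ManagedSettings *s = [self new];
    id sync = config[@"enableCloudSync"];
    id cell = config[@"allowCellular"];
    id url = config[@"serviceURL"];
    s->_enableCloudSync = [sync isKindOfClass:[NSNumber class]] ? [sync boolValue] : NO;
    s->_allowCellular = [cell isKindOfClass:[NSNumber class]] ? [cell boolValue] : YES;
    if ([url isKindOfClass:[NSString class]]) {
        NSURL *candidate = [NSURL URLWithString:url];
        // isEqualToString: on a nil scheme yields NO, so scheme-less input is rejected.
        if ([candidate.scheme.lowercaseString isEqualToString:@"https"] &&
            candidate.host.length > 0) {
            s->_serviceURL = candidate;
        }
    }
    return s;
}
@end

int main(void) {
    @autoreleasepool {
        // In an app, read [[NSUserDefaults standardUserDefaults]
        // dictionaryForKey:@"com.apple.configuration.managed"] at launch and
        // again on NSUserDefaultsDidChangeNotification.
        // Constructed sample with one wrong type and one non-https URL:
        NSDictionary *config = @{ @"enableCloudSync": @"yes",
                                  @"allowCellular": @NO,
                                  @"serviceURL": @"http://files.example.com/share" };
        ManagedSettings *s = [ManagedSettings settingsFromConfig:config];
        NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:
            s.serviceURL ?: [NSURL URLWithString:@"https://default.example.com/"]];
        req.allowsCellularAccess = s.allowCellular;
        NSLog(@"sync=%d cellular=%d url=%@", s.enableCloudSync, req.allowsCellularAccess, req.URL);
    }
    return 0;
}
```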
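
Slides 24 and 25 list the file protection classes and the device-only keychain accessibility attribute. This added example, not code from the talk, shows one way to opt a sensitive file into NSFileProtectionComplete, read back the class that was applied, and store a secret that stays on one device. The service name, account name, file name and function names are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Write sensitive data so the file is unreadable while the device is locked.
static BOOL WriteProtectedFile(NSData *data, NSURL *fileURL, NSError **error) {
    return [data writeToURL:fileURL
                    options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                      error:error];
}

// Report the protection class recorded for a file (nil if it cannot be read).
static NSString *ProtectionClassOfFile(NSURL *fileURL) {
    NSDictionary *attrs = [[NSFileManager defaultManager]
        attributesOfItemAtPath:fileURL.path error:NULL];
    return attrs[NSFileProtectionKey];
}

// Store a secret that is readable after first unlock and is never
// migrated to another device.
static OSStatus StoreDeviceOnlySecret(NSString *account, NSData *secret) {
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: @"com.example.enterprise", // assumed service name
        (__bridge id)kSecAttrAccount: account };
    SecItemDelete((__bridge CFDictionaryRef)query); // replace any existing item
    NSMutableDictionary *item = [query mutableCopy];
    item[(__bridge id)kSecValueData] = secret;
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL);
}

// Call once from app code, for example at launch.
static void DemoProtectedStorage(void) {
    NSURL *url = [[NSURL fileURLWithPath:NSTemporaryDirectory()]
        URLByAppendingPathComponent:@"report.dat"]; // assumed file name
    NSData *payload = [@"constructed sample" dataUsingEncoding:NSUTF8StringEncoding];
    NSError *error = nil;
    if (!WriteProtectedFile(payload, url, &error)) {
        NSLog(@"write failed: %@", error);
        return;
    }
    NSLog(@"protection class: %@", ProtectionClassOfFile(url));
    NSLog(@"keychain status: %d", (int)StoreDeviceOnlySecret(@"api-token", payload));
}
```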
