Your SlideShare is downloading. ×
Creating Enterprise Friendly Apps
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Creating Enterprise Friendly Apps


Published on

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Creating Enterprise Friendly iOS Apps MoDevEast 2013 December 12, 2013
  • 2. About Me Tony Lenzi Technical Lead and iOS Developer @tonylenzi
  • 3. Increasing Demand • 57% of CIOs say that mobile devices and apps are a high priority or essential to their strategic agenda • 89% of enterprises support email on mobile phones and tablets • Communications and productivity apps dominate Source: “Managing the Complete Customer Experience”, Peggy Anne Salz GigaOm Research
  • 4. Apps Deliver Value • Organizations want apps that enable interactions that deliver value to their company and their customers • Employees are customers too • MDM solutions make it easier for IT to manage
  • 5. “I want a Blackberry experience on iOS.” - IT integrator at a Fortune 500
  • 6. IT Crackberry • Easy to configure and distribute • Minutes, not hours • IT always has control of data on the device • Normally purchased and owned by the company • Device separation
  • 7. Confidentiality Information! Security Integrity Availability
  • 8. What’s Changed
  • 9. User Expectations • Rapidly evolving apps that consumers use every day • Emphasis on words like “delight”, “engaging”, and “experience” • Why can’t I do this on my phone or tablet?
  • 10. Enterprises need the benefits delivered by consumer driven apps, but they also need to retain some of the protections provided by traditional enterprise software.
  • 11. Data separation, not device separation, enables users and protects the enterprise. How can we enable enterprises to control the use of their data in our apps?
  • 12. iOS 7 in the Enterprise Management Authentication Networking Data Security
  • 13. Mobile Device Management • Allows IT to manage devices, (un)install apps and data • Single Sign-On • Per-app VPN • Managed “Open In” • iOS 7 allows pushing configuration files to managed apps
  • 14. App Configuration • Read a configuration dictionary from an MDM server using 
 [[NSUserDefaults standardUserDefaults] objectForKey:
 @“”] • Listen for changes using NSUserDefaultsDidChangeNotification
  • 15. Config Use Cases • Disable iCloud sharing • Bootstrap URLs for services • Company file share location • Things IT may want to customize to make your app usable on the first run
  • 16. // config pushed by MDM stored here NSDictionary *mdmConfig = [ [NSUserDefaults standardUserDefaults] dictionaryForKey:@“” ]; ! NSNumber *enableCloudSync = mdmConfig[@“enableCloudSync”]; ! // check that it exists and is the correct type if(enableCloudSync && [enableCloudSync isKindOfClass:[NSNumber class]]) { … } else { // set default value for when unmanaged }
  • 17. App Feedback • Write feedback to NSUserDefaults key! • MDM server will read this dictionary from managed apps • Error and usage statistics • Aggregate and respect privacy
  • 18. - (void) webServiceTimeOut { self.timeOutCount += 1; NSMutableDictionary *feedback = [ [NSUserDefaults standardUserDefaults] dictionaryForKey:@“”] mutableCopy]; ! if(!feedback) feedback = [NSMutableDictionary dictionary]; ! } ! feedback[@“timeOutCount”] = @(self.timeOutCount); [[NSUserDefaults standardUserDefaults] setObject:feedback forKey:@“”];
  • 19. and remember… • NSUserDefaults is unprotected • Check the defaults every time the app starts • Validate your input types and values • Keep it small • Document your configurable settings
  • 20. Single App Mode • MDM can control • In iOS 7, a managed app may request permission to go to single app mode:
 UIAccessibilityRequestGuidedAccessSession() • Client demo mode, cash registers, specific employee roles, quizzes and exams
  • 21. Single Sign-On Built Into iOS! • App uses NSURLConnection and/or NSURLSession • IT defines app bundle IDs on their MDM server • Secured using Kerberos, password stored in the keychain, not inside the apps • NSURLConnection is the backbone of AFNetworking, NSURLSession is extended in AFNetworking 2.0
  • 22. App 1 App 2 App 3 VPN Internet Enterprise Per-App VPN Built Into iOS
  • 23. Control Data Usage • Enterprise users may want to limit how much cellular data their users use • urlRequest.allowsCellularAccess = NO; • Another opportunity to use managed configuration profiles to give IT more control
  • 24. Data Security Built Into iOS! • Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstAuthentication in iOS 7 • Consider the sensitivity of each file or type of data you are saving
  • 25. • NSFileProtectionNone
 read or write anytime • NSFileProtectionComplete
 encrypted unless the device is unlocked • NSFileProtectionCompleteUnlessOpen
 if the file is open when unlocked, you may continue to access it even if the user locks the device. • kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
 keeps keychain secrets on one device
  • 26. Managed “Open In” • Not every business wants their “business” on Facebook • Managed apps only share data with other managed apps
  • 27. App Licensing • Apple is now allowing volume purchasers to buy licenses that may expire and/or be reassigned to other users • Opens up purchasing models for schools, others who may share and reuse devices • If you support this model, you need to be aware of app revocation
  • 28. Receipts and Revocation • iOS 7 receipts now include volume purchase information • Information that ties your app to this device is on the receipt • Validate that the receipt is still valid using StoreKit • You can not quit the app if it’s invalid, but you can degrade the features/experience
  • 29. Questions
  • 30. References • “Extending your Apps for Enterprise and Education Use”
 Session 301, WWDC 2013 • “Managing Apple Devices”
 Session 300, WWDC 2013 • “Using Receipts to Protect Digital Sales”
 Session 308, WWDC 2013