Creating Enterprise Friendly iOS Apps


You don't need to be enterprise distributed to be an enterprise friendly app. Perhaps you have the next great business solution packaged up in an app, but you just can't get companies to bite. iOS 7 has introduced a variety of ways to make the day-to-day lives of IT departments easier, and you can make some changes to your application to make it easier for IT to sign off on that purchase of a few hundred copies of your iOS app. In this talk, we'll cover many of the new configuration and management tools included in iOS 7, including:

  • Mobile Device Management (MDM) configuration options
  • Facilitating control of application sharing (maybe that sensitive file shouldn't be published to Facebook)
  • App data protection
  • Enterprise single sign-on
  • App Store license management

Text of Creating Enterprise Friendly iOS Apps

1. Creating Enterprise Friendly iOS Apps
  • MoDevEast 2013
  • December 12, 2013

2. About Me
  • Tony Lenzi
  • Technical Lead and iOS Developer
  • @tonylenzi

3. Increasing Demand
  • 57% of CIOs say that mobile devices and apps are a high priority or essential to their strategic agenda
  • 89% of enterprises support email on mobile phones and tablets
  • Communications and productivity apps dominate
  • Source: Managing the Complete Customer Experience, Peggy Anne Salz, GigaOm Research

4. Apps Deliver Value
  • Organizations want apps that enable interactions that deliver value to their company and their customers
  • Employees are customers too
  • MDM solutions make it easier for IT to manage

5. "I want a Blackberry experience on iOS." - IT integrator at a Fortune 500

6. IT Crackberry
  • Easy to configure and distribute
  • Minutes, not hours
  • IT always has control of data on the device
  • Normally purchased and owned by the company
  • Device separation

7. Information Security
  • Confidentiality
  • Integrity
  • Availability

8. What's Changed

9. User Expectations
  • Rapidly evolving apps that consumers use every day
  • Emphasis on words like "delight", "engaging", and "experience"
  • "Why can't I do this on my phone or tablet?"

10. Enterprises need the benefits delivered by consumer driven apps, but they also need to retain some of the protections provided by traditional enterprise software.

11. Data separation, not device separation, enables users and protects the enterprise. How can we enable enterprises to control the use of their data in our apps?

12. iOS 7 in the Enterprise
  • Management
  • Authentication
  • Networking
  • Data Security

13. Mobile Device Management
  • Allows IT to manage devices, (un)install apps and data
  • Single Sign-On
  • Per-app VPN
  • Managed Open In
  • iOS 7 allows pushing configuration files to managed apps

14. App Configuration
  • Read a configuration dictionary from an MDM server using [[NSUserDefaults standardUserDefaults] objectForKey:]
  • Listen for changes using NSUserDefaultsDidChangeNotification

15. Config Use Cases
  • Disable iCloud sharing
  • Bootstrap URLs for services
  • Company file share location
  • Things IT may want to customize to make your app usable on the first run

16. Reading the managed configuration

    // config pushed by MDM is stored here
    // (com.apple.configuration.managed is Apple's documented key for managed app configuration)
    NSDictionary *mdmConfig = [[NSUserDefaults standardUserDefaults]
        dictionaryForKey:@"com.apple.configuration.managed"];

    NSNumber *enableCloudSync = mdmConfig[@"enableCloudSync"];

    // check that it exists and is the correct type
    if (enableCloudSync && [enableCloudSync isKindOfClass:[NSNumber class]]) {
        // use the managed value
    } else {
        // set default value for when unmanaged
    }

17. App Feedback
  • Write feedback to an NSUserDefaults key
  • MDM server will read this dictionary from managed apps
  • Error and usage statistics
  • Aggregate and respect privacy

18. Writing feedback

    // com.apple.feedback.managed is Apple's documented key for managed app feedback
    - (void)webServiceTimeOut {
        self.timeOutCount += 1;
        NSUserDefaults *defaults = [NSUserDefaults standardUserDefaults];
        NSMutableDictionary *feedback =
            [[defaults dictionaryForKey:@"com.apple.feedback.managed"] mutableCopy];

        // no feedback written yet: start with an empty dictionary
        if (!feedback) {
            feedback = [NSMutableDictionary dictionary];
        }

        feedback[@"timeOutCount"] = @(self.timeOutCount);
        [defaults setObject:feedback forKey:@"com.apple.feedback.managed"];
    }

19. ...and remember
  • NSUserDefaults is unprotected
  • Check the defaults every time the app starts
  • Validate your input types and values
  • Keep it small
  • Document your configurable settings

20. Single App Mode
  • MDM can control
  • In iOS 7, a managed app may request permission to go to single app mode: UIAccessibilityRequestGuidedAccessSession()
  • Client demo mode, cash registers, specific employee roles, quizzes and exams

21. Single Sign-On (Built Into iOS)
  • App uses NSURLConnection and/or NSURLSession
  • IT defines app bundle IDs on their MDM server
  • Secured using Kerberos; the password is stored in the keychain, not inside the apps
  • NSURLConnection is the backbone of AFNetworking; NSURLSession is extended in AFNetworking 2.0

22. Per-App VPN (Built Into iOS)
  • [Diagram: App 1, App 2, App 3, VPN, Internet, Enterprise]

23. Control Data Usage
  • Enterprise users may want to limit how much cellular data their users use
  • urlRequest.allowsCellularAccess = NO;
  • Another opportunity to use managed configuration profiles to give IT more control

24. Data Security (Built Into iOS)
  • Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstUserAuthentication in iOS 7
  • Consider the sensitivity of each file or type of data you are saving

25. Protection classes
  • NSFileProtectionNone: read or write anytime
  • NSFileProtectionComplete: encrypted unless the device is unlocked
  • NSFileProtectionCompleteUnlessOpen: if the file is open when unlocked, you may continue to access it even if the user locks the device
  • kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly: keeps keychain secrets on one device

26. Managed Open In
  • Not every business wants their business on Facebook
  • Managed apps only share data with other managed apps

27. App Licensing
  • Apple is now allowing volume purchasers to buy licenses that may expire and/or be reassigned to other users
  • Opens up purchasing models for schools and others who may share and reuse devices
  • If you support this model, you need to be aware of app revocation

28. Receipts and Revocation
  • iOS 7 receipts now include volume purchase information
  • Information that ties your app to this device is on the receipt
  • Validate that the receipt is still valid using StoreKit
  • You cannot quit the app if it's invalid, but you can degrade the features/experience

29. Questions

30. References
  • Extending Your Apps for Enterprise and Education Use, Session 301, WWDC 2013
  • Managing Apple Devices, Session 300, WWDC 2013
  • Using Receipts to Protect Digital Sales, Session 308, WWDC 2013
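
The advice on slides 14 to 19 (check the managed configuration at every start, validate input types and values, listen for changes), as an added Objective-C example that is not code from the talk. The class name EFManagedSettings, the serviceURL key, the size and length limits and the default values are assumptions for illustration; enableCloudSync is the key shown on slide 16.

```objective-c
#import <Foundation/Foundation.h>

// Documented NSUserDefaults key under which iOS 7+ exposes the MDM-pushed dictionary.
static NSString * const kManagedConfigKey = @"com.apple.configuration.managed";

// Hypothetical settings holder for this example.
@interface EFManagedSettings : NSObject
@property (nonatomic, assign) BOOL cloudSyncEnabled;
@property (nonatomic, strong) NSURL *serviceURL;  // nil when unset or rejected
+ (instancetype)settingsFromManagedConfiguration;
+ (id)observeChangesWithHandler:(void (^)(EFManagedSettings *settings))handler;
@end

@implementation EFManagedSettings
// Call at every launch: returns validated settings, keeping defaults for bad values.
+ (instancetype)settingsFromManagedConfiguration {
    EFManagedSettings *s = [[EFManagedSettings alloc] init];
    s.cloudSyncEnabled = YES;  // assumed default for an unmanaged install
    NSDictionary *cfg =
        [[NSUserDefaults standardUserDefaults] dictionaryForKey:kManagedConfigKey];
    if (cfg.count == 0 || cfg.count > 32) { return s; }  // unmanaged or oversized

    id sync = cfg[@"enableCloudSync"];
    if ([sync isKindOfClass:[NSNumber class]]) {
        s.cloudSyncEnabled = [(NSNumber *)sync boolValue];
    }
    // Bootstrap URL (hypothetical key): accept only a bounded-length https URL with a host.
    id raw = cfg[@"serviceURL"];
    if ([raw isKindOfClass:[NSString class]] && [(NSString *)raw length] <= 2048) {
        NSURL *url = [NSURL URLWithString:(NSString *)raw];
        if ([[url.scheme lowercaseString] isEqualToString:@"https"] && url.host.length > 0) {
            s.serviceURL = url;
        }
    }
    return s;
}

// MDM can push a new dictionary at any time, so re-validate on every defaults change.
+ (id)observeChangesWithHandler:(void (^)(EFManagedSettings *settings))handler {
    return [[NSNotificationCenter defaultCenter]
        addObserverForName:NSUserDefaultsDidChangeNotification
                    object:nil
                     queue:[NSOperationQueue mainQueue]
                usingBlock:^(NSNotification *note) {
                    handler([self settingsFromManagedConfiguration]);
                }];
}
@end
```

Keep the token returned by observeChangesWithHandler: and pass it to removeObserver: when the settings are no longer needed.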
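
Slides 24 and 25 ask you to choose a protection class per file and per keychain item; the following added Objective-C example (not code from the talk) shows where each class from slide 25 is set. The function names and the com.example.enterpriseapp service string are placeholders.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Writes sensitive data so the file is unreadable while the device is locked.
static BOOL EFWriteProtectedFile(NSData *data, NSString *path, NSError **error) {
    return [data writeToFile:path
                     options:(NSDataWritingAtomic | NSDataWritingFileProtectionComplete)
                       error:error];
}

// Raises the protection class of a file that already exists on disk,
// for example one created before the app started setting a class explicitly.
static BOOL EFUpgradeProtection(NSString *path, NSError **error) {
    NSDictionary *attrs = @{ NSFileProtectionKey : NSFileProtectionComplete };
    return [[NSFileManager defaultManager] setAttributes:attrs
                                            ofItemAtPath:path
                                                   error:error];
}

// Stores a secret that is readable after the first unlock and is not
// migrated to another device.
static OSStatus EFStoreDeviceOnlySecret(NSData *secret, NSString *account) {
    NSDictionary *query = @{
        (__bridge id)kSecClass       : (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService : @"com.example.enterpriseapp",  // placeholder
        (__bridge id)kSecAttrAccount : account
    };
    SecItemDelete((__bridge CFDictionaryRef)query);  // replace any previous value

    NSMutableDictionary *item = [query mutableCopy];
    item[(__bridge id)kSecValueData] = secret;
    item[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly;
    return SecItemAdd((__bridge CFDictionaryRef)item, NULL);  // errSecSuccess on success
}
```

A file written with NSFileProtectionComplete cannot be read by background code while the device is locked, so reserve it for data the app only touches in the foreground.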