https://stackoverflow.com/questions/21919647
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianMDM allows you to install an app to a device and yank an app from a device. All you have to do via MDM is to make sure that a device isnt' authorized anymore, it will trigger MDM profile removal and it will trigger uninstallation of all apps installed via MDM.
Does in-house app distribution allow rescinding authorization to use the app?
-
14-10-2022 - |
Question
My client (in the financial services sector) wants to distribute an iOS financial planning app to affiliated agents, but not to the public. Furthermore, the client wishes to "kill" the app if the agent terminates their affiliation with my client.
I'm looking at the in-house certificate program. My client could provision and distribute the app via the in-house mechanism, and if an MDM was accessible over the web, I think we could authorize installation that way. Correct?
Most importantly: Can I somehow stop the app's functioning if the agent affiliation ends?
Solution
OTHER TIPS
I would suggest you to look into the WSO2 Enterprise Mobility Manager which is an open source Mobility Management solution that solves provisioning of Enterprise Apps to enroll devices.
(Disclaimer I was part of the development team :) )
I realize this has already been answered, but this can be done without MDM. I designed an infrastructure at my company (4000+ employees) so that every time the app is launched it checks to see if the user is still authorized (in our case, we use the identifierForVendor to associate a device with a network id) and that the device is also still authorized (same identifierForVendor info is stored). We can either turn off access for a single user (disable the network account), turn off access for a single device the user has (stolen or misplaced devices) by banning that device id, or since we are using APIKeys for the application, we can turn off access to all users of that app by changing the APIKey.
With the right infrastructure, device and user authorization can be done without MDM. They may still have the app on the device, but it won't work when authorization is turned off.
As the OP mentioned that the app will be used by limited people/agents via in-house distribution and will not be used by public, then we can use exit(0).
Here is the scenario.
On app launch, we will call an API which will check the affiliation of the user and if it is false, then we will write the code “exit(0)” which will instantly crash the app and user will not be able to run the app beyond that point.
P.S:- If the app will be submitted on Apple, then Apple may reject it as we are terminating the app forcefully. In other words, the app is crashing.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
