How does MDM in IOS really work?

StackOverflow https://stackoverflow.com//questions/24042374

  •  21-12-2019
  •  | 
  •  

Question

I'm going to attend a MDM project in iOS (client side) but after searching, I still don't know how MDM really works. Can anyone explain something for me?

Problem:

My server needs to control the list of applications are installed on devices (install and remove app).

Expected Solution:

  • There need an app installed on devices which plays the role of client (MY APP).
  • When needed, server will push a notification to client via Apple push notification server.
  • After receiving notification, client app will connect to server to get server command (ex: installing app A)
  • After getting command, MY APP automatically download A and install it.

My question: Is that the way MDM work?

  • If yes, how MY APP can install another app when it has no right to do it (due to sandbox) and whether server can config the access right for an app on devices. If possible, anyone can give me an example of code for MDM client side to clear my stuff things?

  • If no, it means that the server will be the one who install app A on device (instead of MY APP). In that case, how server can do that?

Was it helpful?

Solution

iOS MDM is clientless protocol. So, you develop a server, but you don't develop a client application for it. Actually, there is a client app, but it's developed by Apple and built into operation system.

So, your server will send a command, built-in MDM client will receive and execute it.

Generally speaking, if you want to develop MDM server, you need to register into Enterprise Developer Program and get MDM documentation.

There is some reverse engineered documentation here: http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf

And iOS MDM protocol support Install/Remove application command.

OTHER TIPS

MDM means Mobile Device Management. This is same concept used in many corporations have been using for desktops and laptops. They installs some softwares on PCs that allows to monitor activities on those PCs. Same way in MDM they installs applications on your mobile device that allows to monitor activities on mobile devices.

You can refer some MDM provider to get batter idea. e.g. http://www.air-watch.com/

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top