Unique Identifiers for iOS MDM

Question

Since Apple is deprecating Unique Device Identifier for apps, what is the best approach to link back an Enterprise App on a device that has been enrolled with MDM?

From MDM Protocol reference document, the enrollment is still using the the UDID for check-in procedure.

We can't use the new identifierForVendor because it is not as the same as the UDID for the check-in.

Let me update how i implemented my MDM solution,

1. Device will check-in to MDM server with a token and device UDID (the one that Apple is removing the API)
2. Device will send device info to MDM server (Wifi MAC Addr, Serial number, OS version, and other infos)
3. There will be a client app that will be talking to MDM server via RESTful API. (Previously i was using the UDID as a key identifier)

I was thinking of using the MAC Address but in the latest iOS 7 the system will always return value 02:00:00:00:00:00.

We also can't get the device serial number.

So my question again, how can we know this app on this device belongs to this MDM enrollment on the server on (3). Because now, the app doesnt have any common key to be referred with the checked-in process. How will the server know which device is which?

Thanks.

Answer 1

The best way, and perhaps the only way, is to use the new Managed Apps configuration capabilities in iOS 7. You could have your MDM push down something like an API key to your app. Then your app presents that key in your call back to your MDM server or any other web service.

Once you push your config down to your app, you could pull out the API key with something like the below. Most of the mainstream MDM solutions already support this type of functionality in their latest versions.

NSDictionary *config = [[NSUserDefaults standardUserDefaults] dictionaryForKey:@"com.apple.configuration.managed"];
NSString *apiKey = config[@"kAPIKey"];

if (apiKey) {
    //We got an API key and we can use it
} else {
    //We didn't get an API key...something has gone wrong
}

Answer 2

However lidsinker's answer is true, let me focused on it so some others who are searching for this can be helped.

You can create Enterprise app and can install it via MDM. Once device enrolled, MDM can install Enterprise app to the device. MDM can also set default configuration in NSUserDefault.

App can read it whenever it launch as above described in lidsinker's answer.

Apple provide example here. https://developer.apple.com/library/content/samplecode/sc2279/Introduction/Intro.html

Answer 3

I would have a read of this source I found a few months ago; http://www.doubleencore.com/2013/04/unique-identifiers/

From there I used the CFUUID method which has served me well.

NSString *uniqueID = [NSString stringWithFormat:@"%@", CFUUIDCreateString(NULL, CFUUIDCreate(NULL))];

Answer 4

In iOS 7, Apple now always returns a fixed value when querying the MAC to specifically thwart the MAC as base for an ID scheme. So you now really should use -[UIDevice identifierForVendor] or create a per-install UUID.

Answer 5

[UIDevice uniqueIdentifier] has been replaced with [[UIDevice identifierForVendor] UUIDString] in iOS 6.0.