Creating Enterprise Friendly Apps

33
Creating Enterprise Friendly iOS Apps MoDevEast 2013 December 12, 2013

Transcript of Creating Enterprise Friendly Apps

Page 1: Creating Enterprise Friendly Apps

Creating Enterprise Friendly iOS Apps

MoDevEast 2013 December 12, 2013

Page 2: Creating Enterprise Friendly Apps

About Me

Tony Lenzi

Technical Lead and iOS Developer

[email protected]

@tonylenzi

Page 3: Creating Enterprise Friendly Apps
Page 4: Creating Enterprise Friendly Apps
Page 5: Creating Enterprise Friendly Apps

Increasing Demand• 57% of CIOs say that mobile devices and apps

are a high priority or essential to their strategic agenda

• 89% of enterprises support email on mobile phones and tablets

• Communications and productivity apps dominate

Source: “Managing the Complete Customer Experience”, Peggy Anne Salz GigaOm Research

Page 6: Creating Enterprise Friendly Apps

Apps Deliver Value

• Organizations want apps that enable interactions that deliver value to their company and their customers

• Employees are customers too

• MDM solutions make it easier for IT to manage

Page 7: Creating Enterprise Friendly Apps

- IT integrator at a Fortune 500

“I want a Blackberry experience on iOS.”

Page 8: Creating Enterprise Friendly Apps

IT Crackberry• Easy to configure and distribute

• Minutes, not hours

• IT always has control of data on the device

• Normally purchased and owned by the company

• Device separation

Page 9: Creating Enterprise Friendly Apps

Confidentiality

AvailabilityIntegrity

Information!Security

Page 10: Creating Enterprise Friendly Apps

What’s Changed

Page 11: Creating Enterprise Friendly Apps

User Expectations

• Rapidly evolving apps that consumers use every day

• Emphasis on words like “delight”, “engaging”, and “experience”

• Why can’t I do this on my phone or tablet?

Page 12: Creating Enterprise Friendly Apps

Enterprises need the benefits delivered by

consumer driven apps, but they also need to

retain some of the protections provided by

traditional enterprise software.

Page 13: Creating Enterprise Friendly Apps

Data separation, not device separation, enables users and protects the enterprise.

How can we enable enterprises to control the use of their data in our apps?

Page 14: Creating Enterprise Friendly Apps

iOS 7 in the EnterpriseManagement

Authentication

Networking

Data Security

Page 15: Creating Enterprise Friendly Apps

Mobile Device Management• Allows IT to manage devices, (un)install apps and

data

• Single Sign-On

• Per-app VPN

• Managed “Open In”

• iOS 7 allows pushing configuration files to managed apps

Page 16: Creating Enterprise Friendly Apps
Page 17: Creating Enterprise Friendly Apps

App Configuration

• Read a configuration dictionary from an MDM server using [[NSUserDefaults standardUserDefaults] objectForKey: @“com.apple.configuration.managed”]

• Listen for changes using NSUserDefaultsDidChangeNotification

Page 18: Creating Enterprise Friendly Apps

Config Use Cases

• Disable iCloud sharing

• Bootstrap URLs for services

• Company file share location

• Things IT may want to customize to make your app usable on the first run

Page 19: Creating Enterprise Friendly Apps

// config pushed by MDM stored here NSDictionary *mdmConfig = [ [NSUserDefaults standardUserDefaults] dictionaryForKey:@“com.apple.configuration.managed”

]; !NSNumber *enableCloudSync = mdmConfig[@“enableCloudSync”];

!// check that it exists and is the correct type if(enableCloudSync && [enableCloudSync isKindOfClass:[NSNumber class]]) { … } else { // set default value for when unmanaged }

Page 20: Creating Enterprise Friendly Apps

App Feedback• Write feedback to NSUserDefaults key com.apple.feedback.managed!

• MDM server will read this dictionary from managed apps

• Error and usage statistics

• Aggregate and respect privacy

Page 21: Creating Enterprise Friendly Apps

- (void) webServiceTimeOut { self.timeOutCount += 1; NSMutableDictionary *feedback = [ [NSUserDefaults standardUserDefaults] dictionaryForKey:@“com.apple.feedback.managed”] mutableCopy]; ! if(!feedback) feedback = [NSMutableDictionary dictionary]; ! feedback[@“timeOutCount”] = @(self.timeOutCount); [[NSUserDefaults standardUserDefaults] setObject:feedback forKey:@“com.apple.feedback.managed”]; } !

Page 22: Creating Enterprise Friendly Apps

and remember…• NSUserDefaults is unprotected

• Check the defaults every time the app starts

• Validate your input types and values

• Keep it small

• Document your configurable settings

Page 23: Creating Enterprise Friendly Apps

Single App Mode

• MDM can control

• In iOS 7, a managed app may request permission to go to single app mode: UIAccessibilityRequestGuidedAccessSession()

• Client demo mode, cash registers, specific employee roles, quizzes and exams

Page 24: Creating Enterprise Friendly Apps

Single Sign-OnBuilt Into iOS!

• App uses NSURLConnection and/or NSURLSession

• IT defines app bundle IDs on their MDM server

• Secured using Kerberos, password stored in the keychain, not inside the apps

• NSURLConnection is the backbone of AFNetworking, NSURLSession is extended in AFNetworking 2.0

Page 25: Creating Enterprise Friendly Apps

Per-App VPNBuilt Into iOS

App 1 App 2 App 3

VPN

Enterprise

Internet

Page 26: Creating Enterprise Friendly Apps

Control Data Usage

• Enterprise users may want to limit how much cellular data their users use

• urlRequest.allowsCellularAccess = NO;

• Another opportunity to use managed configuration profiles to give IT more control

Page 27: Creating Enterprise Friendly Apps

Data Security

Built Into iOS!

• Installed apps are protected automatically with NSFileProtectionCompleteUntilFirstAuthentication in iOS 7

• Consider the sensitivity of each file or type of data you are saving

Page 28: Creating Enterprise Friendly Apps

• NSFileProtectionNoneread or write anytime

• NSFileProtectionCompleteencrypted unless the device is unlocked

• NSFileProtectionCompleteUnlessOpenif the file is open when unlocked, you may continue to access it even if the user locks the device.

• kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly keeps keychain secrets on one device

Page 29: Creating Enterprise Friendly Apps

Managed “Open In”

• Not every business wants their “business” on Facebook

• Managed apps only share data with other managed apps

Page 30: Creating Enterprise Friendly Apps

App Licensing• Apple is now allowing volume purchasers to buy

licenses that may expire and/or be reassigned to other users

• Opens up purchasing models for schools, others who may share and reuse devices

• If you support this model, you need to be aware of app revocation

Page 31: Creating Enterprise Friendly Apps

Receipts and Revocation• iOS 7 receipts now include volume purchase

information

• Information that ties your app to this device is on the receipt

• Validate that the receipt is still valid using StoreKit

• You can not quit the app if it’s invalid, but you can degrade the features/experience

Page 32: Creating Enterprise Friendly Apps

Questions

Page 33: Creating Enterprise Friendly Apps

References• “Extending your Apps for Enterprise and

Education Use”Session 301, WWDC 2013

• “Managing Apple Devices”Session 300, WWDC 2013

• “Using Receipts to Protect Digital Sales” Session 308, WWDC 2013