Hi, I'm creating a content filter app for iOS using Network Extension capabilities. I need to protect it from being deleted, because if it is deleted, the filter rules become useless. I know you can restrict all app deletion using a configuration profile, but that is not a solution. I only want my app to be prevented from being deleted, or at least to block internet access if the app is not installed.
Prevent Specific App Deletion
Do you really hope to block Internet access when the user uninstalls your app? Are you in an MDM environment?
I'm creating a content filter app for iOS using Network Extension capabilities. I need to protect it from being deleted, because if it is deleted, the filter rules become useless. I know you can restrict all app deletion using a configuration profile, but that is not a solution,
The Network Extension APIs do not prevent the deletion of apps on iOS or macOS. The main distribution method for Content Filters on iOS is in a supervised environment. Knowing this, why is using an MDM provider to prevent deletion of your app not a solution?
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
mmmm
No, not in an MDM environment; it will mostly be used without MDM. For now I'm using Apple Configurator 2. If blocking Internet access when the user uninstalls the app is a solution, I will use it.
blocking Internet access when the user uninstalls the app is a solution, I will use it
AFAIK, it is impossible. And I hope it will never be possible for an app I installed and deleted to block my Internet access.
And I hope it will never be possible for an app I installed and deleted to block my Internet access.
Right. A core tenet of iOS is that, except in the case of supervised devices, the user is always in control of their device. Even in managed environments, the user can opt out of management and thus regain control. The only way to prevent that is to supervise the device, and that’s reserved for devices that are owned by the organisation.
There are two ways to deploy content filters on iOS:
- On supervised devices
- In a Screen Time app
You’ve already ruled out MDM, which means the target device can’t be supervised, so does that mean you’re building a Screen Time app?
There is one other way to run a content filter on iOS: During development you can enable your content filter programmatically or via a configuration profile. However, this only works for development-signed code, so you can’t deploy a content filter that way.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
No, the target device is supervised but not managed by MDM.
I’m not sure how to parse this. I think you’re saying that:
- The target device is supervised.
- But it is not managed by MDM.
Is that right?
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Yes, right.
OK.
Earlier I wrote:
You’ve already ruled out MDM, which means the target device can’t be supervised
which was definitely incorrect. It is possible to have a supervised device that’s not managed. Having said that, it’s also pretty weird, which is why I didn’t even consider that possibility.
You wrote:
Is this possible using Apple Configurator 2 only?
I don’t know. Device Management like this falls under the purview of Apple Support, not DTS.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
It's possible to mark individual apps as non-removable using MDM or if you have a properly configured app for FamilyControls. It's not possible using Configurator alone. I think that enrolling the devices in MDM is likely your best choice.