I'm looking at implementing an iOS app that has includes a Content Filter Provider to block access to certain domains when accessed on the device.
This uses NEFilterManager, NEFilterDataProvider and NEFilterControlProvider to handle configuration and manage the network flows and block as necessary.
My question is can you deploy this in an iOS 18+ app on the App Store to devices which are unmanaged, unsupervised and don't use Screen Time APIs?
Although not 100% clear, this technote seems to say it is not possible: https://developer.apple.com/documentation/Technotes/tn3134-network-extension-provider-deployment
Testing this on a Developer device and build works successfully without any MDM profiles installed.
A similar approach using the same APIs also works on macOS once user permissions have been given.
If it can't work on unsupervised, unmanaged iOS devices, is possible for the user to first manually install a MDM profile which includes the required 'Content Filter' details and then have it work?
If not, how would you filter iOS network traffic on an unmanaged, unsupervised device?
Is it necessary to use a VPN or DNS approach instead (which may be a lot less privacy compliant)?
Right. TN3134 lists the supported deployment scenarios. Things that aren’t listed there aren’t supported.
I wouldn’t.
To be clear, the limitations on content filter are not an accidental omission but an expression of a privacy policy.
I’m not sure what you mean by “VPN or DNS approach” but, if you’re planning to use a packet tunnel provider for this, please note the advice in TN3120 Expected use cases for Network Extension packet tunnel providers.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"