even with the current release of iOS 13.5 it is possible to jailbreak an iOS device, either to customize your design or, even worse, to get around system-level security
first you need to download AltStore, which can also sideload any ipa without a jailbreak
android devices arrive with a lot of preinstalled apps like facebook, flipboard, skype and for sure google services (youtube, maps, gmail, etc.) – for private use this is annoying, but for business it is essential to secure the use case
android enterprise
when enabling Android Enterprise for kiosk/company devices, the default apps can be disabled during setup with this switch – PROVISIONING_LEAVE_ALL_SYSTEM_APPS_ENABLED – Samsung offers this with its KNOX Mobile Enrollment and google with its built-in zero-touch service
be aware that you lose the native camera app if your use case requires one
device management
after your device is enrolled in a mobile device management system (emm, uem or whatever) you're able to restrict installed apps by package name – apps differ by device manufacturer and os level – package names are also useful to arrange/allow apps in a kiosk setup, for the samsung XCover4s these are:
com.samsung.android.messaging
com.sec.android.app.samsungapps
com.samsung.android.calendar
com.samsung.android.email.provider
com.sec.android.app.myfiles
com.sec.android.gallery3d
com.sec.android.app.clockpackage.clockpackage
com.sec.android.app.clockpackage.alarm.alarmalert
com.google.android.gm
com.google.android.youtube
com.google.android.googlequicksearchbox
com.sec.android.app.fm
com.google.android.apps.maps
com.samsung.android.contacts
com.samsung.android.dialer
com.samsung.android.game.gamehome
com.sec.factory.camera
com.sec.android.app.camera
com.sec.android.app.clockpackage
com.sec.android.app.sbrowser
com.microsoft.skydrive
com.facebook.katana
adb tools
remove bloatware from a single device or find it on a locally connected reference device
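an added example, not part of the original post: it turns the package listing of a reference device (the text printed by `adb shell pm list packages`) into a restriction plan for the mdm, with a keep-list so the camera is not lost by accident – the sample output, the subset of unwanted packages and the function names are constructed for illustration

```python
# Subset of the XCover4s package names listed above, chosen for this example.
UNWANTED = {
    "com.facebook.katana",
    "com.google.android.youtube",
    "com.microsoft.skydrive",
    "com.samsung.android.game.gamehome",
    "com.sec.android.app.camera",
}

# Constructed sample of `adb shell pm list packages` output from a reference
# device. With the -f flag each line has the form package:<apk path>=<name>.
SAMPLE_PM_OUTPUT = """\
package:com.sec.android.app.camera
package:com.facebook.katana
package:/system/app/YouTube/YouTube.apk=com.google.android.youtube
package:com.android.settings
"""


def parse_pm_list(output):
    """Return the set of package names found in `pm list packages` output."""
    packages = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings or blank lines
        # Keep only the name; the apk path may itself contain '='.
        packages.add(line[len("package:"):].rsplit("=", 1)[-1])
    return packages


def plan_restrictions(reference_output, unwanted, keep=frozenset()):
    """Split the unwanted packages into block / kept / absent lists."""
    installed = parse_pm_list(reference_output)
    present = unwanted & installed
    return {
        "block": sorted(present - keep),    # restrict these in the mdm
        "kept": sorted(present & keep),     # unwanted but needed by the use case
        "absent": sorted(unwanted - installed),  # not on this model / os level
    }


if __name__ == "__main__":
    plan = plan_restrictions(SAMPLE_PM_OUTPUT, UNWANTED,
                             keep={"com.sec.android.app.camera"})
    for bucket, names in plan.items():
        print(bucket, names)
```

the "absent" list is worth reviewing per model, since package names differ by manufacturer and os level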
tim cook recently spoke about user data and privacy, while criticizing technology companies, like google or facebook
iOS is enterprise's first choice for mobile activity, egnyte's enterprise insight showed a clear weighting and content is getting more and more mobile
the biggest change since iOS 5 introduced supervised devices and open-in management debuted in iOS 7
iOS 13 will be available in fall 2019 – since google is pushing hard with android enterprise to fit business needs, with its built-in containerization based on samsung's KNOX – iOS 13 provides more granular security and better privacy restrictions
enrollment methods
thousands of iOS devices have already been rolled out, either by manually installing an mdm profile (uamdm) or centrally with the device enrollment program (dep), to get the device under control of a unified endpoint management (uem) – additionally you can make your iOS device supervised, either while dep enrolled or via apple configurator connected to a mac
newly added – user enrollment – previously an administrator of a managed device was able to retrieve the installed apps, remove the passcode or wipe the entire device – at least the privacy controls of the registered uem prohibit these features to individuals – with user enrollment there are huge improvements to the user's privacy
user needs to log in with a managed apple id
uem is unable to retrieve device information like IMEI, serial or mac address
private apps aren't reported to uem
no control over the device passcode and no wipe of the entire device
the configuration of wifi, vpn or exchange accounts will still be available
other existing restrictions are reserved for supervised devices, see listing below
restriction changes
allowSafari, available since iOS 4, requires a supervised device as of iOS 13
allowVideoConferencing, available since iOS 4, requires a supervised device as of iOS 13
allowWiFiPowerModification, available for supervised iOS 13 devices
safariAllowAutoFill, available since iOS 4, requires a supervised device as of iOS 13
allowAddingGameCenterFriends, available since iOS 4.2.1, requires a supervised device as of iOS 13
allowAppInstallation, available since iOS 4, requires a supervised device as of iOS 13
allowCamera, available since iOS 4, requires a supervised device as of iOS 13
allowCloudBackup, available since iOS 5, requires a supervised device as of iOS 13
allowCloudDocumentSync, available since iOS 5, requires a supervised device as of iOS 13
allowCloudKeychainSync, available since iOS 7, requires a supervised device as of iOS 13
allowContinuousPathKeyboard, available for supervised iOS 13 devices
allowExplicitContent, available since iOS 4, requires a supervised device as of iOS 13
allowFindMyDevice, available for supervised iOS 13 devices
allowFindMyFriends, available for supervised iOS 13 devices
allowiTunes, available since iOS 4, requires a supervised device as of iOS 13
allowMultiplayerGaming, available since iOS 4.1, requires a supervised device as of iOS 13
read a full list of apple’s device management restrictions here
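an added example, not part of the original post: a check that reads a configuration profile and reports which restriction keys from the listing above it sets, so profiles aimed at unsupervised devices can be reviewed before iOS 13 – it assumes an unsigned .mobileconfig with the restrictions payload type com.apple.applicationaccess, and the sample profile and function name are constructed for illustration

```python
import plistlib

# Keys the listing above marks "requires a supervised device as of iOS 13".
SUPERVISED_AS_OF_IOS13 = {
    "allowSafari", "allowVideoConferencing", "safariAllowAutoFill",
    "allowAddingGameCenterFriends", "allowAppInstallation", "allowCamera",
    "allowCloudBackup", "allowCloudDocumentSync", "allowCloudKeychainSync",
    "allowExplicitContent", "allowiTunes", "allowMultiplayerGaming",
}
# Keys the listing marks "available for supervised iOS 13 devices".
NEW_SUPERVISED_IOS13 = {
    "allowWiFiPowerModification", "allowContinuousPathKeyboard",
    "allowFindMyDevice", "allowFindMyFriends",
}
RESTRICTIONS_PAYLOAD = "com.apple.applicationaccess"

# Constructed sample profile (unsigned), built inline so the check runs offline.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "com.example.restrictions",  # placeholder identifier
    "PayloadContent": [
        {"PayloadType": RESTRICTIONS_PAYLOAD, "allowCamera": False,
         "allowSafari": False, "allowFindMyDevice": False,
         "forceEncryptedBackup": True},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "corp"},
    ],
})


def audit_profile(profile_bytes, supervised):
    """List (key, reason) for restrictions that need a supervised device."""
    if supervised:
        return []  # every key in the listing is usable on supervised devices
    findings = []
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_PAYLOAD:
            continue  # wifi, vpn, exchange payloads are not affected
        for key in payload:
            if key in SUPERVISED_AS_OF_IOS13:
                findings.append((key, "requires supervision as of iOS 13"))
            elif key in NEW_SUPERVISED_IOS13:
                findings.append((key, "supervised-only, new in iOS 13"))
    return sorted(findings)


if __name__ == "__main__":
    for key, reason in audit_profile(SAMPLE_PROFILE, supervised=False):
        print(f"{key}: {reason}")
```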
Sign in with Apple vs. managed Apple ID
while sign in with apple is the approach to compete with google or facebook as an identity provider (idp) for external services, for business on the other hand managed Apple IDs were so far used to manage functions of Apple Business Manager – since WWDC 2019 they are necessary to register with user enrollment – enterprises create additional accounts for byod users to add to their device, which keeps data completely separated between both accounts, hopefully compared to now:
iPadOS
along with iOS 13 apple separates the paths of iPhone and iPad with a standalone OS, finally iPadOS can provide more features to the tablet, a classic desktop replacement could be possible – view the demo below
stay tuned for the final release around mid-september, likely with the new 2019 iPhone
today's employees use at least two or more devices to do daily work on various os at different versions – it is time for a new class of tools – unified endpoint management (uem) combines the management of multiple endpoint types in a single console
evolution
from pc configuration lifecycle management (pcclm) via client management tools (cmt) to unified endpoint management (uem) – companies listed in the client management tools magic quadrant already transformed, others are overruled
content
while enterprise mobility management (emm) is highly competitive and rapidly transforming – for instance, good technology, which was in gartner's magic quadrant in 2015, was acquired by blackberry, airwatch was acquired by vmware in 2014 – emm consists of:
mobile device management (mdm)
mobile application management (mam)
mobile identity (mi)
mobile content management (mcm)
uem combines cmt + emm + iot
benefit
reduce it management cost – a single tool
improved security – get the best of both
better insights – reporting
prepared – enterprise of things
gartner
magic quadrant reports the ability to execute and completeness of vision for vendors – read full report here
tco
according to gartner research, the annual tco of a fully managed smartphone using emm is almost 80% lower than the annual tco of a fully managed desktop using cmt