Geek Answers Handbook

Programmatically verify that the MDM profile (configuration) was successfully ported to an iOS device?

I am writing an iOS client application that sends a request to a server that is wrapping up and asks that the updated configuration profile be transferred to my device through an external MDM (AirWatch). I believe that the profile is displayed in Settings -> General -> Profiles . When MDM finishes processing the profile profile (sent or queued, I'm not sure), it responds to the calling server, saying β€œyes, the profile was clicked”, which echoes this response to my client application.

The problem is that it actually takes 30 seconds for the profile to be clicked / installed on the device, and the web service response is much shorter. Therefore, my client application believes that the configuration profile is installed, and it allows the application to continue working while the profile is still unavailable. I would like to be able to detect when a profile is successfully clicked on my device, and not let the application continue to work until this happens. My other option is to make a pop-up message stating that the profile has been successfully clicked, but I still need to determine the installed profile.

In most cases, Q & A on stackoverflow doesn't seem to be able to request configuration profiles, but I was wondering if there were any problems that people recently tried to use. I was thinking about the following possibilities - but I do not know what is preferred, or if it is possible even with iOS7 (as of 2/12/2014).

  • Request installed profiles for what I need (it sounds impossible from most Q&A that I saw; I don’t know if the changes in iOS7 have changed)
    • What if I know the exact profile name I was looking for?
  • Add notification listener for MDM clicks
    • Use registerForRemoteNotificationTypes / didReceiveRemoteNotification or didFinishLaunchingWithOptions
    • Clicking MDM may happen outside of my application, so the sandbox may interfere
    • Can you listen on a port that uses MDM?
  • Listen to changes to profile configuration settings
  • Add a request on the server to request a device for the installed profile and call it before sending a response to the client
  • Verify certificate verification by including a self-signed certificate in the profile and verifying it
    • It seems a bit hacky, and I'm not sure if my MDM will let me do this.
  • Use reachability methods

As a note, I reviewed the following links and more:

Thanks in advance!

+4
source share
1 answer

It is not possible for your application to determine whether a configuration profile has been installed, since there are no (publicly available) APIs that allow the application to request the profiles that are installed for it, and you cannot determine if a push MDM notification was sent to the device. You will need to rely on your MDM (AirWatch) to determine with confidence that the profile is installed.

When AirWatch pushes the profile to the device, it will receive a confirmation that the profile has been installed, but only until AirWatch requests all installed profiles to let it know that the profile has been installed. I saw that shortly after AirWatch sends the profile installation command, it will re-request the list of profiles on the device so that it is possible to simply poll the server several times and wait until you see that the profile is installed, I did not spend much time in the API AirWatch REST, but I suppose it's possible.

Other than that, the only other parameter I can see is to do something with Reachability to determine if the VPN tunnel is configured.

+4
source

More articles:


All Articles