Scripting Bridge and Sandbox - osx-lion

I would like to make an app which would need to get the list of the open tabs in Safari, using the Scripting Bridge. Is it then possible to sandbox such an app so that it can be sold on the App Store?

Maybe -- it’s a question of Store policy. Technically, it’s simple: add this entitlement to your application:
"com.apple.security.temporary-exception.apple-events" = ( "com.apple.safari" );
Your application can now send any Apple events (which are what Scripting Bridge uses) to Safari. However, you’ll have to justify your use of that entitlement, and that’s where the Store policy comes in. In theory, that entitlement is being replaced by com.apple.security.scripting-targets, which is new in Mountain Lion, but it’s a gradual process, and Safari doesn’t support it yet.
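A reviewer's check for the entitlement discussed above, as an added example that is not part of the original answer: it parses an entitlements plist and reports which apps the binary may script, separating the temporary exception (any Apple event) from scripting-targets (named access groups only). The sample plists and the function name are constructed for illustration; `com.apple.mail.compose` appears only as a sample access group.

```python
import plistlib

APP_SANDBOX = "com.apple.security.app-sandbox"
APPLE_EVENTS_EXCEPTION = "com.apple.security.temporary-exception.apple-events"
SCRIPTING_TARGETS = "com.apple.security.scripting-targets"

# Constructed sample: the entitlement from the answer, for a hypothetical tab-listing app.
TAB_LISTER = plistlib.dumps({
    APP_SANDBOX: True,
    APPLE_EVENTS_EXCEPTION: ["com.apple.safari"],
})

# Constructed sample: an app that asks for more than its stated purpose needs.
OVER_BROAD = plistlib.dumps({
    APP_SANDBOX: True,
    APPLE_EVENTS_EXCEPTION: ["com.apple.safari", "com.apple.finder"],
    SCRIPTING_TARGETS: {"com.apple.mail": ["com.apple.mail.compose"]},
})


def audit_apple_events(entitlements_plist, expected_targets):
    """Report which apps a sandboxed binary may send Apple events to.

    entitlements_plist: plist bytes, e.g. saved from `codesign -d --entitlements :- App.app`
    expected_targets:   bundle IDs the app's stated purpose justifies
    """
    ent = plistlib.loads(entitlements_plist)
    expected = {t.lower() for t in expected_targets}

    raw = ent.get(APPLE_EVENTS_EXCEPTION, [])
    any_event = [raw] if isinstance(raw, str) else list(raw)  # tolerate a bare string
    scoped = ent.get(SCRIPTING_TARGETS, {})

    return {
        "sandboxed": ent.get(APP_SANDBOX) is True,
        # Temporary exception: every Apple event to these apps is allowed.
        "any_event_targets": sorted(any_event),
        # scripting-targets: only the listed access groups are allowed.
        "scoped_targets": {app: list(groups) for app, groups in scoped.items()},
        # Anything outside the justified set is what a reviewer should question.
        "unexpected": sorted(
            t for t in [*any_event, *scoped] if t.lower() not in expected
        ),
    }
```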

Related

Automatic OTA updates in an iOS app which is locked down with guided access

My client needs to find a way to automatically push app updates to a number of iPhone 3GS devices remotely. These devices will be in guided access mode so the users will only be able to access the app in question.
I believe we have two options for distribution:
B2B custom app via the Volume Purchase Program
In-house app released with the Apple Enterprise Program
Having researched our options I can see that over the air app updates can be achieved by either:
Building an in-app update functionality to check for new updates (Enterprise only I am guessing?) and automatically update and restart the app
Using an MDM such as http://www.air-watch.com/ (as I understand Apple Configurator must have devices plugged in via USB to work?)
I am wondering if anyone can tell me whether either of those options is possible with the devices being in guided access mode?
Or are there any other solutions, which I have missed, that can automatically manage the app remotely while the device is in guided access mode?
You can solve this with an Enterprise distributed app.
App only. Update check for an OTA-Update from your app when the app is coming to the foreground (or some other metric at your client's leisure, like added time delay, etc). Basically self explanatory; you implement a call to your client's/your API to check the version and inform the user of a new one. The update can either be optional or mandatory (preferably announced by the API and changed when needed); present the user with an alert about it. The user acts upon it and you OTA install via an ITMS link provided by your API call. And that's it.
MDM. Tbh, I'm a bit on shaky ground here. Theoretically this is all possible via MDM too, however I am not sure if it is the (varying) MDM solutions or some misconfigurations, but clients usually seem to lose control after some time.
Both. Yes, you can perfectly well live with both. MDM while everything is fine, and as a backup a well structured App+API mechanism to push the OTA updates out. This is especially useful if you have customers where some departments are under MDM and others are not. So, some may get it via MDM (and if all else fails via the App itself), the rest will get it via the App.
The tradeoffs are a matter of personal preference. If there is a fully working MDM solution in place, the update will be pushed out and the user, however 'malicious', can do nothing against it. But the same is true for the 'App only' solution, as you have the option to not let him use the app if he does not update (either by not providing a cancel button or, as you are in an enterprise environment where it is allowed, by doing an exit(0)).
From experience I prefer any solution that has the 'App only' option as it is the last fallback if anything on client side fails. Whatever may be added on top is just sugar to the cake.
While not strictly relevant, the 'App only' solution always goes well with Push Notifications when an update comes out.

How to lock down user to Single App mode in iOS 6, Programmatically?

There are some questions which are related to this, but getting the exact answer:
Lock-down iPhone/iPod/iPad so it can only run one app
Recently iOS 6 was introduced with some business oriented features, two of them are:
Guided Access
Supervised Access
Both of these deal with Accessibility Control features, like allowing users to restrict access to their device, only if they have full access to the device. In that way this is only useful to people who own the device, like a school using their devices for exams, a restaurant for menus, for product display etc. All of them have access to the device to configure settings etc.
Now my question begins here. I am thinking of an app which locks down the user to single app mode when the user runs the app, and after signing out of the app the device starts working as before in normal mode.
During the time when the app is active, the user should not be able to access any other function or button; this applies to all three devices: iPad, iPhone, iPod.
Also I found that this could be done by installing some profiles etc., which looks weird, and we can't ask the user to do so.
So the simple idea is the user will only install the app, as he normally does, and we could lock him down to single app mode when he logs into the app.
The SureLock iOS app does nothing but inform the user how to do it in your system preferences.
Doing it from the app itself is only possible, if you break the rules about private frameworks. And break it hard.
I am sorry to tell you that the way you present your idea would never be approved for the App Store.
The accepted answer to this question is no longer correct:
Starting with iOS 7, UIKit exposes the function UIAccessibilityRequestGuidedAccessSession as public API.
I don’t know, but can very well imagine that this function existed as private API dating back to iOS 6, where the guided access feature was introduced.
Note that for this method to have any effect, the device in question must be supervised using MDM, and the ID of the app you want to use this API must be included in the device management profile deployed to it.
Hi, maybe I am late, but I have good news for you.
Apple provides a new feature in iOS 7 and we can lock the user to single mode without user permission (lock and unlock mode); here is the Apple documentation link:
https://developer.apple.com/library/ios/documentation/UIKit/Reference/UIKitFunctionReference/#//apple_ref/c/func/UIAccessibilityRequestGuidedAccessSession
The other way is to install a config profile like this:
http://ipadhire.co.nz/lockdown.mobileconfig
It locks the home button of the iPhone and enables single mode.
For this you have to do the following:
access Apple's private APIs
access Apple's private framework
Apple doesn't encourage accessing their private APIs, especially when it comes to the App Store; if you access the private APIs, at the time of application review on the App Store they will reject the app, giving you a message of "accessing a private api".
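To check what a given configuration profile actually grants before deploying it, the following added example (not code from any of the answers above) reads an unsigned .mobileconfig and separates the two mechanisms mentioned in this thread: a profile that locks the device to one app, and a profile that lets a named app request its own Guided Access session on a supervised device. The payload type `com.apple.app.lock` and the restrictions key `autonomousSingleAppModePermittedAppIDs` are Apple's profile keys as I know them, not names taken from this page; the bundle IDs and sample profiles are constructed.

```python
import plistlib

APP_LOCK_TYPE = "com.apple.app.lock"              # profile pins the device to one app
RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload
SELF_LOCK_KEY = "autonomousSingleAppModePermittedAppIDs"

# Constructed sample: kiosk-style profile locking the device to a hypothetical menu app.
KIOSK_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": APP_LOCK_TYPE, "App": {"Identifier": "com.example.menu"}},
    ],
})

# Constructed sample: profile allowing a hypothetical exam app to lock itself on request.
SELF_LOCK_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": RESTRICTIONS_TYPE, SELF_LOCK_KEY: ["com.example.exam"]},
    ],
})


def lockdown_summary(profile_bytes):
    """Summarise single-app settings in an unsigned profile (signed ones are CMS-wrapped)."""
    profile = plistlib.loads(profile_bytes)
    summary = {"app_lock": None, "self_lock_allowed": set()}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == APP_LOCK_TYPE:
            summary["app_lock"] = payload.get("App", {}).get("Identifier")
        elif ptype == RESTRICTIONS_TYPE:
            summary["self_lock_allowed"].update(payload.get(SELF_LOCK_KEY, []))
    return summary


def may_self_lock(profile_bytes, bundle_id, supervised):
    """True only when both conditions from the answer hold: supervised device, app listed."""
    allowed = lockdown_summary(profile_bytes)["self_lock_allowed"]
    return bool(supervised) and bundle_id in allowed
```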

Is there a neat way to tell if iPhone/iPad has been set a passcode by user

I have asked this question long before.
I know it may be impossible, but as far as I know, 'Find my friends' has this feature and it works just so well, so I wonder if now there is a neat and legitimate way of doing that.
Just because Apple's Find My Friends app has a feature does not mean the API is publicly available. If this app is not an enterprise app, you can't use private APIs and have your app put on the App Store. If it is an enterprise app, you may want to look into setting up a configuration profile for the device. In order to access the VPN for my employer, I had to install a configuration profile (visible in Settings) that requires a passcode to be entered every time I unlock my iPad. Without that, I cannot VPN into their intranet. TestFlight uses a similar approach with profiles to register a device to receive builds. I would check out this link from Apple on setting up these sorts of profiles for enterprise applications: http://www.apple.com/iphone/business/resources/
There's no way to detect this programmatically from within an iPhone SDK-based application. If you need to, you should file an enhancement request with Apple at http://bugreporter.apple.com

iOS (Apple): Is there any way for the application to ask the OS to block the device in that application?

I would find it useful, in some cases, and under the user's permission, to block the device so only the running application can be accessed unless the user's password (pattern or whatever is used to unlock the session) is introduced.
I guess the mechanism should be something like: The application asks the OS to do this, the OS asks the user for permission and then the application asks the device to block the application on "exit" or standby (or both).
This would be useful for using an iPhone or iPad as a device for public use. One example could be a Library where visitors can see the book list and some previews in the device. In this case, you don't want the user to access any other resource/application in the system.
Does it make sense?
What you're asking is whether there is any type of kiosk mode for iOS devices.
The short answer is no. The longer answer is if you're using a jailbroken device you might be able to relaunch the app on exit, but it would take significant R&D.
I had a client ask about this last week; after some investigation and thinking I told her,
It's best to look for a case that blocks the home button. Or some kind of security bracket. It'll be cheaper and easier.
Also any app you create with this functionality would be rejected from the App Store.
If you're looking for advice on programming jailbroken devices there is a Stack Exchange proposal you can follow.
Supposedly there's a way to have a "kiosk" mode with a .mobileconfig file. Both of these articles talk about it, basically covering the same territory:
http://joris.kluivers.nl/blog/2012/03/02/kiosk-mode-for-ios/
http://rick-hawkins.blogspot.ca/2012/01/turning-ipad-into-kiosk-device.html
I was looking into this again and found out that iOS already supports the feature. It is called Guided Access, it was incorporated in iOS 6, it does not require a jailbreak and can be used for any app installed on the device.
It makes sense, but I don't think you can do that without jailbreaking the phone. In iOS, the home button cannot be overridden by applications. Besides there is cheaper hardware out there for kiosk-style applications.

Can an iPhone App Be Run as Root?

I am thinking about the design of an iPhone app I'd like to create. One possible problem is that this application will have to run as root (to access certain network ports). In a typical UNIX app, I'd just get the app to run with setuid, but I'm wondering if that is possible with an iPhone app.
I've read this question in Apple's forum, which is discouraging:
http://discussions.apple.com/thread.jspa?threadID=1664575
I understand that Apple wants to limit what a program can do, but there are plenty of good, legitimate reasons for a user to run a program with elevated privileges. I'm not trying to create a hacker tool here.
I'm sure I could get around this on a jail-broken iPhone, but that's not what I'm after. Is there any way to run an app with elevated privileges on an unbroken iPhone?
(BTW, there is no need to warn me about the NDA.)
Section 3.3.4 of the iPhone SDK Agreement suggests that you mustn't work outside your sandbox.
Given that Apple has been somewhat arbitrary on which applications they permit, you should definitely double-check with them before you start developing.
Compared to 2.0.x, the sandbox restrictions have actually increased in 2.1; you can no longer even read from another application's sandbox. So, even if it currently is possible to elevate your app's privileges, it very likely won't be in a future release.
The only options you have are:
Run the application as root on the iPhone
Set the application's setuid bit and owner root.
I can't see any of them being blessed by Apple.
I guess it depends on what you want to do with the privileges, if you're lucky there might be more fine grained privileges available, but afaik you have to choose a port above 1024.
Doesn't matter one bit if you can do this on your normal desktop computer. The iPhone is not a normal desktop computer.
Unlike a desktop computer, the only way to get an application on the iPhone without a jailbreak is to get it from the App Store. The only way to get on the App Store is to follow Apple's rules, and Apple's rules clearly include "no privilege escalation", "no escaping the sandbox", and "no accessing network ports outside the existing, provided APIs".
What you want to do is not possible.