We'd like to 'lock-down' an iPhone/iPod/iPad so that the user can only run one app (we've developed this app internally). I'm guessing we'd be looking at jailbreaking, and then replacing (?) the default Springboard app.
Can we do this? If so, how?
EDIT: iOS 7 now includes an 'App Lock' payload as part of the device configuration profile. From the Apple docs:
"By installing an app lock payload, the device is locked to a single application until the payload is removed. The home button is disabled, and the device returns to the specified application automatically upon wake or reboot."
Read more about it here:
https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf
It is possible to put an iPad or iPhone into 'Store Demo' mode so that the home button and swipe to home gesture is disabled. If you have seen the iPads in the Apple Store running the smart sign apps then you will know what I mean.
It is actually pretty trivial to make this work, all you need to do is install a correctly formatted mobile config plist over the air from a web server.
To deliver your config from the web all you have to do is direct the iPhone to a url containing the profile. Just open the link to your .mobileconfig file in safari. If you don't have web space you can just use dropbox public folder URLs or switch on your mac webserver.
It's possible that you can load the config using IPCU too but I have not tried this. This config file will not load in the iPhone Configuration Utility as it uses keys that IPCU doesn't know about. You can combine this with whatever other enterprise configuration profiles you have in play.
EDIT: #cocoanetics pointed out that IPCU is not required to remove the profile. However note that to get your device back to normal you would need to do the following:
Reboot
Open the settings app FIRST - don't open anything else or you will need to reboot again
Settings->General->Profiles->[your profile] remove it.
Reboot
you should be back to normal.
I have included an example plist that will disable the home button and lock your device into the app.
BEWARE
Once this profile is installed the first app that is launched when the device is rebooted will be the only app that will run until you reboot the device again.
As #Cawas has said this completely disables the ability to return to the home screen (unless your app crashes) including accessibility assistive touch.
Note that after installing the profile you must reboot the device (power off, power on) for it to take effect. To remove the profile plug the device into IPCU and delete it then reboot the device. Everything will be back to normal.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string>Disables home</string>
<key>PayloadDisplayName</key>
<string>Home Button Lock</string>
<key>PayloadIdentifier</key>
<string>com.hbkill.kiosk</string>
<key>PayloadOrganization</key>
<string>My Org</string>
<key>PayloadType</key>
<string>com.apple.defaults.managed</string>
<key>PayloadUUID</key>
<string>B2D02E2D-BAC5-431B-8A29-4B91F71C9FC1</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PayloadContent</key>
<array>
<dict>
<key>DefaultsDomainName</key>
<string>com.apple.springboard</string>
<key>DefaultsData</key>
<dict>
<key>SBStoreDemoAppLock</key>
<true/>
</dict>
</dict>
</array>
</dict>
</array>
<key>PayloadDescription</key>
<string>Disables Home Button</string>
<key>PayloadDisplayName</key>
<string>Home Button Lock</string>
<key>PayloadIdentifier</key>
<string>com.hbkill</string>
<key>PayloadOrganization</key>
<string>My Org</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>614D1FE3-F80D-4643-AF6B-D10C4CC8737A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
You may well have moved on from this but I thought I would post this answer here as I came across the question while I was trying to figure out how to do the same thing.
This is a feature of iOS 6 that can be used without hacky attempts. It's called 'guided access'. I small tutorial is here.
EDIT: In case the device's battery runs empty while it's in the hands of a restricted user, the user could reload the device and it will reboot without guided access. However, if you choose to use a password for the device, this shouldn't be a problem.
An alternative to the (admittedly much simpler) approach described by Rick is to:
disable the home button (e.g. physically covering it),
disable the five-finger gesture and screen lock in the Settings, and
install a “Trampoline” to relaunch the app should it crash.
http://www.apple.com/support/ipad/enterprise/
Apple provides enterprise configuration tools which allow control over which applications are permitted etc. This is done through profile management it seems. See link for more details
I agree with a comment from some hours ago: Settings > General > Restrictions should do the trick. If the user can't install anything, can't access Safari or Mail, then there is no reason to ever quit your app.
Block internet access from device (MAC-filter on wi-fi can do the trick). Any other non-internet related problem (music, games, etc) should already be solvable by the current IT infrastructure (unless your developers plays and listen to MP3 at work).
i found one way to quit this home-lock state.
i have install "backgrounder" via cydia which make your app run in background if you press home button for one second or more.
and now, when i longpress home button, i back to the home screen.
that is all.
pay attention on longpress.
Um- wasn't sure if this is an answer or a comment but - the solution that is now part of the question has a weakness - our support staff used this and found that if you "Tap the power button to ‘soft-off’ then hold the home button as you power on and slide to unlock. Sometimes iPad will start on the home page or else XXAPPLCATIONXX will hang and then drop out to the home page. Eitherway X is able to access the home page without the passcode."
Related
I was recently not able to submit the app to Appstore and its showing 3 errors and the thing is i have all the app icons placed in Xcode as you can see in my screenshot correctly but this error comes. I have been trying for many hours to solve this issue. Anyone has idea what is wrong and how to solve? I have included all the icons in my assets folder as you can see . I even checked the dimensions and even deleted assets folders and created new . But still the error comes. How to solve this issues?
Missing App Store Icon. iOS Apps must include a 1024x1024px App Store
Icon in PNG format. Without providing the icon in the Asset Catalog or
via iTunes Connect, apps cannot be submitted for App Review or Beta
App Review
Missing Info.plist value - A value for the Info.plist key
'CFBundleIconName' is missing in the bundle 'com.abcd.iphone'. Apps
built with iOS 11 or later SDK must supply app icons in an asset
catalog and must also provide a value for this Info.plist key. For
more information see
http://help.apple.com/xcode/mac/current/#/dev10510b1f7
XCODE ASSET FOLDER
Added the info.plist screenshot :
Make sure your asset catalog is in fact part of the app target.
Make sure your build settings point to the AppIcon image set.
And make sure you don't have multiple asset catalogs with multiple AppIcon image sets, as the build system will not know which one to use.
You should be able to open the built app package in the Finder and see the CFBundleIcon entry:
<key>CFBundleIcons</key>
<dict>
<key>CFBundlePrimaryIcon</key>
<dict>
<key>CFBundleIconFiles</key>
<array>
<string>AppIcon60x60</string>
</array>
<key>CFBundleIconName</key>
<string>AppIcon</string>
</dict>
</dict>
About my problem: I used https://theswiftdev.com/2017/10/27/how-to-launch-a-macos-app-at-login/ for launch my mac-OS app at login it work good. After time I found some problem in my application. My app generated sqlite files like sqlite-shm, .sqlite-wal but after added changеs as "launch" it does't work now.
problems in with "App Sendbox" it included as "on" if I change to "off" my files will be create but "launch" will not be work
How to make these two features work?
Can you help my with my problem?
Ok! i found answer to my question my self)
If it well be halpfully to another peoples i will by happy.
Ok! let's start)
First we are need delete all code as this is linc (of course if you did as in this linc) and then disable the sandbox (cause it blocks kreating sql.lite files)
and second we are need add to info.plist this:
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
</dict>
and thats all)
My app is a menu app that sits in the menu extras running in the background, and I'm trying to make it to run on login. What's the latest recommended practice to achieve this for High Sierra using Swift 4?
According to Designing Daemons and Services, there are four different background processes on MacOS.
Since I would want my app to run upon user login, I guess it's going to be either login item or launch agent. However, for Login Item, it seems there are two ways to implement Using the Service Management Framework or a Shared File List.
I first attempted to use Shared File List, based from this example from github. However, Xcode throws bunch of deprecated warnings and errors indicating it doesn't support in Swift 4 and latest MacOS anymore.
Then I got it to work using using SMLoginItemSetEnabled from this guide. However, using this method, my app doesn't show up inn the system preferences under the login items.
Is Shared File List method is completely out of option for Swift 4 and High Sierra?
What about launch agent? I couldn't find much guide on making an App as a launch agent using Swift. I would appreciate if someone could share some code.
Thanks!
I would suggest creating a launch agent. Login items are soooo 2010 ;).
There's really no API for creating a launch agent (or other launchd services). The steps are, basically:
create and write the appropriate ~/Library/LaunchAgents/com.your.agent.plist file
execute /bin/launchctl bootstrap gui/501 ~/Library/LaunchAgents/com.your.agent.plist
(where 501 and com.your.agent are the user's UID and your launchd identifier)
The second step is somewhat optional; the system will see your .plist file and start the agent automatically the next time the system restarts. So you can kick start it by just manually launching it the first time. But if you want it to be immediately registered with launchd (so it will automatically get restarted if quit, for example), then I know of no other way than to run launchctl once to register it. (Similarly, you'll need to run launchctl bootout ... to shut it down when it's time to uninstall it.[1])
The details of the .plist file can be found in man launchd.plist, but here's a simple example of a LSUIElement app called "Menu" that runs in the background whenever the user is logged into to a GUI session:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>Label</key>
<string>com.my.menu</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Program</key>
<string>/Applications/Menu.app/Contents/MacOS/Menu</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
To create the .plist, all you have to do is populate a property list dictionary with these values and call dictionary.write(to:atomically:) to write it where it belongs.
Launch agents are regular user processes so none of this requires any special privileges, although I'm not sure about writing to ~/Library/LaunchAgents from a sandboxed app.
Since the user doesn't normally fiddle with ~/Library/LaunchAgentsor launchctl your application will need to provide a UI for installing and uninstalling the agent. For a status menu item app, this is usually as simple as a preferences checkbox to "Show in Menubar".
[1] bootstrap and bootout were added in 10.11. If you have to support earlier versions of macOS there are workarounds.
The recommended way especially for a sandboxed app is the Service Management Framework (SMLoginItemSetEnabled) and a helper executable located in ./Contents/Library/LoginItems
Of course the application does not appear in Login Items of System Preferences because the behavior is supposed to be controlled in the app itself.
I want that after installing my app from an OTA the home button of the device will not work at all so that user is unable to come out from the App. My digging led me to following results
A) I got a way to disable home button by a "mobileconfig" profile but it needs to restart the device and user have to open my app just after booting, i want to do this without restarting with something like Private Frameworks on non-Jail-broken devices. I want to know is that possible for non-jail-break devices?
C) If it is not possible to disable home button with Private Frameworks, then is there any way to open an app just after booting the device?, since certain jailbreak apps/ processes are loaded upon startup.
[NOTE: I don't want to submit my app to iTunes.]
In iOS6, there's a feature called "Guided Access", which will allow device owners to lock users (like toddlers and school kids) into an app.
This explains the Guided Access for iOS 6 apps.
The official answer of this question is "you can not disable home button in ios devices it is os level architecture and your are not authorized for it."
You need to dig to operating system flow to make any changes which might be quiet tough.
well, if you change you sight though it than there is one open and simple solution for this in ios 6 known as Guided Access.
If you are able to jailbreak your device create a LaunchDaemon or use an existing one. The LaunchDaemon is a file in plist format that is called upon rebooting and starting your device. You will also need a file named open created by K3A
Download open from here
You will need to move open to /usr/bin/ or you can put it inside your app does not matter but set permissions to 0755 and root:wheel
Now on to the LaunchDaemons, they are stored here
/System/Library/LaunchDaemons
Here is an example.
Lets say you name the LaunchDaemon
com.gauravstomar.test.plist
Where it says com.bundle.identifier put your apps identifier you may also find it in your Info.plist inside of your apps directory where it says CFBundleIdentifier
Now inside the plist insert the following information
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.gauravstomar.test</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>com.bundle.identifier</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>1</integer>
</dict>
</plist>
Label has to be the same name as the LaunchDaemon.plist excluding plist extension
ProgramArguments is what calls the file open and launches the app
RunAtLoad makes this plist launch upon reboot
StartInterval will make the LaunchDaemon.plist open back up after 1 second if the user exits the app, if the user is still in the app nothing will happened
Make sure the permissions for your LaunchDaemon is set to
0644 root:wheel
You can still use your mobileconfig so that the home button is disabled. Once assessment is complete you can disable the LaunchDaemon so that the app stops relaunching itself with the following command
launchctl unload/System/Library/LaunchDaemon/com.gauravstomar.plist
Let me know if you need any more help.
Without jailbreaking, the app is sandboxed. The app simply does not have access to mess with the home button. And you really shouldn't be messing with the home button.
In addition to "Guided Access", you can also make use of "Restrictions", which will allow you to disable everything accept opening your app. You can disable Apple specific apps including Safari, and prevent users from installing apps, deleting apps, making purchases, etc...
We have a number of iPod touches with a ticket scanning app we rent out to our customers. We make use of "Restrictions" to disable everything besides our app. The most helpful restriction thus far is preventing people from deleting apps - It's incredible how many people will accidentally delete an app, even after the warning prompt.
There is iPhone app "Another Mail Client" that should be able to open any file to send it as attachment. So, I want to associate this application with any file with any extension.
Following the documentation, we should declare support for files with the root UTI-type public.data – any file should belong to this type. It works, but not at all. In this case, our app will not be able to open any file, but only those which have already been registered in the system. For example, if in any application (e.g., dropbox) we'll try to "open in..." file with an unknown extension (file.unknowntype) using UIDocumentInteractionController, then the answer will be negative despite the fact that we have already registered our application and it supports the root UTI-type public.data. But, if you install another application, which supports files with extension (*.unknowntype), then our application will also be able to open these files and will appear in "open in..." application list.
UPD: #Gabriel This is CFBundleDocumentTypes part of my info.plist file:
<key>CFBundleDocumentTypes</key>
<array>
<dict>
<key>CFBundleTypeName</key>
<string>MyMail</string>
<key>LSItemContentTypes</key>
<array>
<string>public.data</string>
</array>
<key>CFBundleTypeRole</key>
<string>Viewer</string>
<key>LSHandlerRank</key>
<string>Default</string>
<key>CFBundleTypeIconFiles</key>
<array>
<string>Icon29.png</string>
...
<string>Icon114.png</string>
</array>
</dict>
</array>
I've made an app with the following setup
<key>CFBundleDocumentTypes</key>
<array>
<dict>
<key>CFBundleTypeIconFiles</key>
<array/>
<key>CFBundleTypeName</key>
<string>name</string>
<key>LSItemContentTypes</key>
<array>
<string>public.data</string>
</array>
</dict>
</array>
When I try to open a .pdf from Safari, this app shows up in "open in.." list. Can you make a sample app and try it?
UPD:
It seems like claim 'public.data' (tried also public.item, public.content) means file, which belongs to set "all known to system UTIs", not any file. So, you will be able to handle 99% of files, which users want to send by email , but not all. Another way would be to export UTI that you think are important, but which are not in system UTIs by default.
Friend, I read your question properly before posting the answer. I gave another thought that you will have a set of already known "any types" of files to register in a bulk. However, you want to dynamically accommodate your app to register any file type given to your app in future and make it attachable. For this as far as my knowledge is concerned, you cannot make you app to universally support any unknown file type. Let me explain what happens,
Suppose you make an application APP1 then it does not know about a file extension .XYZ and install it on iPhone.
But, later I develop another application APP2, which contains the above code and I register the .XYZ type from APP2 in whatever iPhone it installs.
So, lets say I install APP2 in your iPhone, having APP1. And when my app runs, then the .XYZ extension ( known to APP2 ahead of time) gets registered into the iPhone.
This is the reason now your app APP1 can use this .XYZ file surprisingly.
Concluding, you have to know a specific type of extensions ahead of time before making the app.
However, heres a possible solution for it.
Solution :
Decide the maximum number of characters you want to support in an extenstion. Lets say 4.
Now you can make a small Brute-Force routine to run in your app to make all the possible character combinations and register them all. This should make any file with extension upto 4 characters attachable to mail.
I hope that should do the trick.
Best of luck!
An idea for investigation...
If the installation of another app "fixes" the problem then try inspecting the other apps Info.plist file to see if it is registering or exporting any interesting UTIs or similar settings.
It sounds like your app might only be doing half the job and the other app is completing the missing setup.
You can inspect the contents of an apps ipa file from iTunes by copying it, renaming ipa to zip extracting the contents and then Show Package Contents on the app inside.