Search code examples
iosiphonemdm

How does MDM in IOS really work?

I'm going to attend a MDM project in iOS (client side) but after searching, I still don't know how MDM really works. Can anyone explain something for me?

Problem:

My server needs to control the list of applications are installed on devices (install and remove app).

Expected Solution:

  • There need an app installed on devices which plays the role of client (MY APP).
  • When needed, server will push a notification to client via Apple push notification server.
  • After receiving notification, client app will connect to server to get server command (ex: installing app A)
  • After getting command, MY APP automatically download A and install it.

My question: Is that the way MDM work?

  • If yes, how MY APP can install another app when it has no right to do it (due to sandbox) and whether server can config the access right for an app on devices. If possible, anyone can give me an example of code for MDM client side to clear my stuff things?

  • If no, it means that the server will be the one who install app A on device (instead of MY APP). In that case, how server can do that?

Solution

  • iOS MDM is clientless protocol. So, you develop a server, but you don't develop a client application for it. Actually, there is a client app, but it's developed by Apple and built into operation system.

    So, your server will send a command, built-in MDM client will receive and execute it.

    Generally speaking, if you want to develop MDM server, you need to register into Enterprise Developer Program and get MDM documentation.

    There is some reverse engineered documentation here: http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf

    And iOS MDM protocol support Install/Remove application command.