3 Replies Latest reply on Feb 25, 2016 11:04 AM by baotran

    How does the MDM query iOS devices on what apps are installed?

    ryan.bender@charlottecountryday.org Apprentice

      The reason I am asking is because we have disabled the Apple Store for our students, and a student was overheard bragging about how he has unauthorized apps/games installed.  When I check his iPad's apps list in the MDM nothing unauthorized shows up.

        • 1. Re: How does the MDM query iOS devices on what apps are installed?
          baotran Apprentice

          At the contact interval specified in the MDM tab of the Server Settings the server schedules a command to update the device info/inventory. You'll actually see these in the Command Queue section at the bottom of the Mobile Devices window. iOS then responds with the inventory for the device at that time. The Mobile Device Last Contact info time denotes the last time an inventory was received from the device so that's how old the application inventory data is. I don't see how there could be any unauthorized apps on the device that wouldn't show up in the inventory unless it's no longer under MDM management or is jailbroken.

           

          Is the MDM enrollment profile locked down the iPads with a DEP profile so that it cannot be removed by the enduser? If someone did in fact remove the MDM enrollment profile the device typically would no longer show up as managed and would grayed out and missing bunch of the inventory categories. Also the Mobile Device Last Contact info item would be way in the past from when the enrollment profile was removed.

           

          Mobile_Devices.png

           

          Could be also the student is just blowing smoke.

          • 2. Re: How does the MDM query iOS devices on what apps are installed?
            ryan.bender@charlottecountryday.org Apprentice

            Thanks for your response Bao.  I meant to say where on the iPad does the MDM get the apps list from?  I am not aware of the inner workings of an iPad.  Is there a program files directory somewhere on there like in Windows where the MDM gets the apps list?  Does it go by the icons that are on the home screen?  I was just curious if there was a way for them to hide this information somehow.

             

            The MDM enrollment profile is locked down with a DEP profile.  It is not jailbroken and is still managed according to the MDM.  We disabled the Apple Store on their devices so they can only install what we provide for them in the Absolute Store.  When a teacher approached me about the student I told her that if he installed something he shouldn't have I would see it.  I did have a feeling that the student is blowing smoke when I first heard about it, but I just wanted to make absolutely sure that there wasn't a way for them to hide it.

            • 3. Re: How does the MDM query iOS devices on what apps are installed?
              baotran Apprentice

              The LANrev server is making a call to Apple's MDM APIs to request a list of non-built in apps. These will be 3rd party apps for the most part. Sometimes you'll see some apps that are installed by iOS automatically that are not part of the base iOS installation, e.g. Find Friends, Find iPhone, iBooks, and Podcasts.

               

              Bao