PDA

View Full Version : iOS7's new "Managed Open" security control trivial to bypass


Omniver
Sep 19, 2013, 12:01 PM
Companies hoping to use iOS 7's touted ability to limit which applications corporate data can be transferred to (the first new feature highlighted at http://www.apple.com/ios/business/) will be disappointed.

The feature filters out the list of possible "Open In" applications within company managed applications and email accounts, intending to prevent the user from moving sensitive documents to non-company approved places (e.g. a personal Dropbox account).

Unfortunately Apple leave "Messages" as a valid target, allowing the user to send the document directly via iMessage. They can even message it back to themselves and now since it is out of the "managed" application, "Open in" will send it to any valid target, completely bypassing the control.