Full access to my phone via Profiles and Device Management

Discussion in 'iOS 10' started by applelover4u, May 19, 2017.

  1. applelover4u macrumors 6502

    Joined:
    Nov 6, 2012
    #1
    So whoever I add to profiles and device management and grant trusted status will without a doubt have full access to my phone? is that how it works?

    Or can they only control or see certain aspects of the phone?
     
  2. Shirasaki macrumors 604

    Shirasaki

    Joined:
    May 16, 2015
    #2
    Yup. Profile can only control certain aspects of your phone. It is not a way to jailbreak, which in no doubt gives you full access (or nearly) of your device).
     
  3. applelover4u thread starter macrumors 6502

    Joined:
    Nov 6, 2012
    #3
    Which aspects can they see or control?
     
  4. Shirasaki macrumors 604

    Shirasaki

    Joined:
    May 16, 2015
    #4
    For example:
    Through profile, corporation can set up mail accounts and all associated settings so that once profile is installed, user can use certain Email address.
    Or, profile allows user to download contents only available in certain organizations or even networks.
    Or, users could be prevented from changing certain device settings (possibly those invisible to users) or erase device without credentials.
     
  5. Justaguy48 macrumors member

    Joined:
    May 2, 2017
    #5
    MDM and profiles, mainly from academic and corporate institutions is more of what the device is allowed to do, versus what the profile/MDM can do.

    Profiles are limited, for example configuring a wifi login for a corporate network, or a profile to set up VPN.

    MDM can control almost every aspect of the phone. It doesn't have access to the root system, no public iOS software allows that, but when MDM is installed almost any feature or option, even ones you don't know exist, can be changed.

    If your curious about what MDM can do you can download Apple configurator 2, that'll give you an idea of what can be changed.
     
  6. applelover4u thread starter macrumors 6502

    Joined:
    Nov 6, 2012
    #6
    What is MDM?
     
  7. doubletap macrumors regular

    Joined:
    Jan 2, 2009
    Location:
    Ashburn, VA
    #7
    Mobile device management. Allows organizations the ability to manage certain aspects of your device to ensure compliance or impose rules.
     
  8. cswifx Suspended

    cswifx

    Joined:
    Dec 15, 2016
    #8
    What about enterprise profiles that people install to install third party apps? Are those given the same capabilities?
     
  9. applelover4u thread starter macrumors 6502

    Joined:
    Nov 6, 2012
    #9

    This is what I want to know
     
  10. Justaguy48 macrumors member

    Joined:
    May 2, 2017
    #10
    1. For an App to run on any iOS device it has to be signed.
    2. There are two types of apps. "Private" apps and "public" apps.

    Public apps are ones on the AppStore that follow all of Apples guidelines and are signed by Apple. This means that the iOS device recognizes that Apple allows the app to run on the device.

    Private apps, or internal apps, are ones that are commonly developed and used by an organization. For example the US military has their own "AppStore" where you can install internal apps that they use. There are many companies that develop and send out internal apps that employees use. And these apps are signed by an enterprise developer license. so the app is allowed to run as long as the user, you, approves the app to run.

    Because enterprise signature allows an app to run without going through the AppStore process this means that the developer doesn't necessarily have to follow the guidelines Apple sets for apps.

    So a lot of times these companies will develop apps that don't follow the guidelines, sign them with an enterprise license, and put them online you anyone to download. Which installs a profile on the device that you have to trust before you can use the app.

    That kind of app profile is not the same as MDM or other profiles. The app profile is there because it isn't a "approved by apple" app. The profile can't change settings, view any data about the device, and has no control over the device. However because the app is not approved by Apple the app may have spying code in it, and could act in a way that is unexpected.

    I know it's long but I wanted to try to be as clear as possible.
     
  11. cswifx Suspended

    cswifx

    Joined:
    Dec 15, 2016
    #11
    Wow, didn't expect that informative response. Thank you so much!
     
  12. Justaguy48 macrumors member

    Joined:
    May 2, 2017
    #12
    No problem lets just say I know a thing or two about how Apple's profiles and MDM works. ;)
     

Share This Page