Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Full access to my phone via Profiles and Device Management

A

applelover4u

macrumors 6502
Original poster
Nov 6, 2012
336
179
So whoever I add to profiles and device management and grant trusted status will without a doubt have full access to my phone? is that how it works?

Or can they only control or see certain aspects of the phone?
 
Shirasaki

Shirasaki

macrumors P6
May 16, 2015
16,262
11,763
Yup. Profile can only control certain aspects of your phone. It is not a way to jailbreak, which in no doubt gives you full access (or nearly) of your device).
 
Shirasaki

Shirasaki

macrumors P6
May 16, 2015
16,262
11,763
applelover4u said:
Which aspects can they see or control?
Click to expand...
For example:
Through profile, corporation can set up mail accounts and all associated settings so that once profile is installed, user can use certain Email address.
Or, profile allows user to download contents only available in certain organizations or even networks.
Or, users could be prevented from changing certain device settings (possibly those invisible to users) or erase device without credentials.
 
  • Like
Reactions: cswifx
J

Justaguy48

macrumors member
May 2, 2017
64
52
MDM and profiles, mainly from academic and corporate institutions is more of what the device is allowed to do, versus what the profile/MDM can do.

Profiles are limited, for example configuring a wifi login for a corporate network, or a profile to set up VPN.

MDM can control almost every aspect of the phone. It doesn't have access to the root system, no public iOS software allows that, but when MDM is installed almost any feature or option, even ones you don't know exist, can be changed.

If your curious about what MDM can do you can download Apple configurator 2, that'll give you an idea of what can be changed.
 
A

applelover4u

macrumors 6502
Original poster
Nov 6, 2012
336
179
Justaguy48 said:
MDM and profiles, mainly from academic and corporate institutions is more of what the device is allowed to do, versus what the profile/MDM can do.

Profiles are limited, for example configuring a wifi login for a corporate network, or a profile to set up VPN.

MDM can control almost every aspect of the phone. It doesn't have access to the root system, no public iOS software allows that, but when MDM is installed almost any feature or option, even ones you don't know exist, can be changed.

If your curious about what MDM can do you can download Apple configurator 2, that'll give you an idea of what can be changed.
Click to expand...

What is MDM?
 
cswifx

cswifx

Suspended
Dec 15, 2016
563
180
Justaguy48 said:
MDM and profiles, mainly from academic and corporate institutions is more of what the device is allowed to do, versus what the profile/MDM can do.

Profiles are limited, for example configuring a wifi login for a corporate network, or a profile to set up VPN.

MDM can control almost every aspect of the phone. It doesn't have access to the root system, no public iOS software allows that, but when MDM is installed almost any feature or option, even ones you don't know exist, can be changed.

If your curious about what MDM can do you can download Apple configurator 2, that'll give you an idea of what can be changed.
Click to expand...

What about enterprise profiles that people install to install third party apps? Are those given the same capabilities?
 
J

Justaguy48

macrumors member
May 2, 2017
64
52
applelover4u said:
This is what I want to know
Click to expand...

1. For an App to run on any iOS device it has to be signed.
2. There are two types of apps. "Private" apps and "public" apps.

Public apps are ones on the AppStore that follow all of Apples guidelines and are signed by Apple. This means that the iOS device recognizes that Apple allows the app to run on the device.

Private apps, or internal apps, are ones that are commonly developed and used by an organization. For example the US military has their own "AppStore" where you can install internal apps that they use. There are many companies that develop and send out internal apps that employees use. And these apps are signed by an enterprise developer license. so the app is allowed to run as long as the user, you, approves the app to run.

Because enterprise signature allows an app to run without going through the AppStore process this means that the developer doesn't necessarily have to follow the guidelines Apple sets for apps.

So a lot of times these companies will develop apps that don't follow the guidelines, sign them with an enterprise license, and put them online you anyone to download. Which installs a profile on the device that you have to trust before you can use the app.

That kind of app profile is not the same as MDM or other profiles. The app profile is there because it isn't a "approved by apple" app. The profile can't change settings, view any data about the device, and has no control over the device. However because the app is not approved by Apple the app may have spying code in it, and could act in a way that is unexpected.

I know it's long but I wanted to try to be as clear as possible.
 
  • Like
Reactions: cswifx and Shirasaki
cswifx

cswifx

Suspended
Dec 15, 2016
563
180
Justaguy48 said:
1. For an App to run on any iOS device it has to be signed.
2. There are two types of apps. "Private" apps and "public" apps.

Public apps are ones on the AppStore that follow all of Apples guidelines and are signed by Apple. This means that the iOS device recognizes that Apple allows the app to run on the device.

Private apps, or internal apps, are ones that are commonly developed and used by an organization. For example the US military has their own "AppStore" where you can install internal apps that they use. There are many companies that develop and send out internal apps that employees use. And these apps are signed by an enterprise developer license. so the app is allowed to run as long as the user, you, approves the app to run.

Because enterprise signature allows an app to run without going through the AppStore process this means that the developer doesn't necessarily have to follow the guidelines Apple sets for apps.

So a lot of times these companies will develop apps that don't follow the guidelines, sign them with an enterprise license, and put them online you anyone to download. Which installs a profile on the device that you have to trust before you can use the app.

That kind of app profile is not the same as MDM or other profiles. The app profile is there because it isn't a "approved by apple" app. The profile can't change settings, view any data about the device, and has no control over the device. However because the app is not approved by Apple the app may have spying code in it, and could act in a way that is unexpected.

I know it's long but I wanted to try to be as clear as possible.
Click to expand...

Wow, didn't expect that informative response. Thank you so much!
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom