fighting for truth, justice, and a kick-butt lotus notes experience.

New iOS 12 MDM feature to control access to contacts by third-party apps

 14 August 2018 14:53:29
Starting with iOS 11.3 in the spring of this year Apple already created the possibility to control which third party apps (keyword: WhatsApp) can access the managed company contacts of the ActiveSync account via MDM restrictions.
This was done via the Managed OpenIn restrictions. These can be used to control whether an unmanaged app can access the content of a managed app or account.

See also my blog post: ios-11.3-update-regarding-contact-containisation.htm

Apple released an updated Configuration Profiles documentation yesterday, which contains two new restrictions, among other iOS 12 extensions, that allows additional control to access contacts, when Managed OpenIn restrictions are being set to false.

allowManagedToWrite
UnmanagedContacts


Optional. If set to true, managed apps can write contacts to unmanaged contacts accounts.

Defaults to false.

If allowOpenFromManagedToUnmanaged is true, this restriction has no effect.
A payload that sets this to true must be installed via MDM
Availability: Available only in iOS 12.0 and later.


allowUnmanagedToRead

ManagedContacts


Optional. Supervised only. If set to true, unmanaged apps can read from managed contacts accounts.

Defaults to false.

If allowOpenFromManagedToUnmanaged is true, this restriction has no effect.
A payload that sets this to true must be installed via MDM.
Availability: Available only in iOS 12.0 and later.


via: https://developer.apple.com/enterprise/documentation/Configuration-Profile-Reference.pdf

Kommentare

1Mike  17.11.2018 07:53:38  New iOS 12 MDM feature to control access to contacts by third-party apps

Have you been able to get this to work? I am struggling to successfully test this - I am able to export contacts from an managed apps into the native contacts app, but my unmanaged apps still have access to the managed contacts.

  •  
  • Hinweis zum Datenschutz und Datennutzung:
    Bitte lesen Sie unseren Hinweis zum Datenschutz bevor Sie hier einen Kommentar erstellen.
    Zur Erstellung eines Kommentar werden folgende Daten benötigt:
    - Name
    - Mailadresse
    Der Name kann auch ein Nickname/Pseudonym sein und wird hier auf diesem Blog zu Ihrem Kommentar angezeigt. Die Email-Adresse dient im Fall einer inhaltlichen Unklarheit Ihres Kommentars für persönliche Rückfragen durch mich, Detlev Pöttgen.
    Sowohl Ihr Name als auch Ihre Mailadresse werden nicht für andere Zwecke (Stichwort: Werbung) verwendet und auch nicht an Dritte übermittelt.
    Ihr Kommentar inkl. Ihrer übermittelten Kontaktdaten kann jederzeit auf Ihren Wunsch hin wieder gelöscht werden. Senden Sie in diesem Fall bitte eine Mail an blog(a)poettgen(punkt)eu

  • Note on data protection and data usage:
    Please read our Notes on Data Protection before posting a comment here.
    The following data is required to create a comment:
    - Name
    - Mail address
    The name can also be a nickname/pseudonym and will be displayed here on this blog with your comment. The email address will be used for personal questions by me, Detlev Pöttgen, in the event that the content of your comment is unclear.
    Neither your name nor your e-mail address will be used for any other purposes (like advertising) and will not be passed on to third parties.
    Your comment including your transmitted contact data can be deleted at any time on your request. In this case please send an email to blog(a)poettgen(dot)eu

Archive