iOS Work-Profile

Solved
Benedict Lumabi
Wireless Services Asia Inc.

Hi,

I am comparing containerization between Android and iOS. They seem to differ in how they work. Can somebody tell me how iOS works in BYOD? How does it sandbox applications?

Test scenarios for BYOD features:
1. Android

* Disable Screenshot - only applies when Work-Profile apps are running in the foreground.
* Disable copy/paste - restricts the user from copying/pasting text or files from Work-Profile to Personal-Profile or vice versa.
* Download attachment files from Work-Profile apps - apps are stored only on the Work-Profiled File Manager.

2. iOS

* Disable Screenshot - applies to both Personal and Work Profile. I think this should not be implemented on BYOD.
* Disable Managed to Unmanaged Data Sharing - I copied text from the Managed Chrome app and successfully pasted it into the Unmanaged Notes app.
* Disable Safari - it applies to the personal-profile Safari browser.


Conclusion:

iOS doesn't have a sandbox feature the way Android has. It does not separate work files/apps between personal-profile and work-profile. Enrolling an unsupervised iOS device into MobiControl only gives you limited control over the device and does not necessarily mean deploying a work-profile.


I'm open to corrections. Comments are much appreciated!

7 years ago
iOS
ANSWERS
Raymond Chan Diamond Contributor
7 years ago (edited 7 years ago)

Apple has not officially defined or implemented any BYOD mode for any of its iOS devices. Each iOS application on a non-jailbroken device has its own sandboxed file-system space, and there is no single system-level container that stores all work-related apps and their data. Some MDM software claimed some kind of BYOD mode by implementing their own application-level container, but such containerization is neither endorsed nor securely protected by Apple firmware.

Also, an "Unsupervised" device is not equivalent to a BYOD device. It is true that some enterprise-grade MDM policies (some restrictions, single-app mode, HTTP global proxy, home screen layout, etc. as defined by Apple in their "Configuration Profile Reference" document) are only available on Supervised devices, but such policies are not directly related to BYOD/non-BYOD use case classification. From my recent interactions with Apple Enterprise Account staff, Apple assumes all corporate customers needing serious enterprise-grade EMM implementation to use only DEP+VPP devices with supervised mode enabled. All legacy devices without these should be phased out a.s.a.p.

Solution
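
The three iOS settings tested in the question correspond to keys in Apple's Restrictions payload (`com.apple.applicationaccess`). As an added example (not code from the thread or from MobiControl), the Python below audits a constructed profile and reports which restrictions reach the personal side of the device and whether copy/paste is left outside the managed-to-unmanaged rule. The sample profile, the scope labels and the function names are assumptions made for illustration, as is the use of `requireManagedPasteboard` (a key from later iOS releases) as the setting that ties the pasteboard to that rule.

```python
import plistlib

# Constructed sample (not from the thread): a Restrictions payload carrying
# the three iOS settings tested in the question.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [{
        "PayloadType": "com.apple.applicationaccess",
        "allowScreenShot": False,
        "allowSafari": False,
        "allowOpenFromManagedToUnmanaged": False,
    }],
})

# Scope labels follow the behaviour reported in the thread: iOS has no
# work-profile container, so feature restrictions hit the whole device.
SCOPE = {
    "allowScreenShot": "device-wide",
    "allowSafari": "device-wide",
    "allowOpenFromManagedToUnmanaged": "managed-to-unmanaged open-in",
}

def restrictions(profile_bytes):
    """Yield each com.apple.applicationaccess payload in the profile."""
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") == "com.apple.applicationaccess":
            yield payload

def audit(profile_bytes):
    """Return (key, scope) for every known restriction that is switched on."""
    return [(k, s) for p in restrictions(profile_bytes)
            for k, s in SCOPE.items() if p.get(k) is False]

def personal_side_impact(profile_bytes):
    """Restrictions that also limit the user's personal apps."""
    return sorted(k for k, s in audit(profile_bytes) if s == "device-wide")

def pasteboard_gap(profile_bytes):
    """True when open-in is restricted but copy/paste is not tied to it.
    Assumes requireManagedPasteboard (iOS 15+) is the key that ties them."""
    return any(p.get("allowOpenFromManagedToUnmanaged") is False
               and p.get("requireManagedPasteboard") is not True
               for p in restrictions(profile_bytes))

if __name__ == "__main__":
    for key, scope in audit(SAMPLE_PROFILE):
        print(f"{key}=false -> {scope}")
    print("also limits personal use:", personal_side_impact(SAMPLE_PROFILE))
    print("copy/paste left open:", pasteboard_gap(SAMPLE_PROFILE))
```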