CE running in the background of iOS devices WITHOUT jailbreaking! [Solved]

  • 5
  • Idea
  • Updated 3 years ago
  • Under Consideration
One of the biggest problems with iOS is that locking the device in order to stay accountable a) breaks default functionality like links from email, etc. and b) still allows me full internet access through apps that use built-in browsers.

As of iOS 6, a company/person can create a provisioning profile using Apple Configurator and setup their device to use a VPN connection by force. A password can be set that makes it so you can't remove the VPN connection and if you try to turn it off, it turns back on and connects automatically! With an active VPN connection, ALL network traffic can be logged at whatever system is running the VPN. OpenDNS just started offering this service (called Umbrella) but it is setup for business security...not for accountability. Basically, their reporting sucks!

CE needs to add this to their service lineup. I would gladly pay $2-$3 extra per month in order to have fully functioning accountability on iOS. I love CE reporting and accountability features so to have the VPN track all of the data and then categorize it for my accountability partners would be a dream come true!

Please make this a reality! The world has been needing it and this is a perfect solution.

By the way, it would work on any device that supports a VPN connection. You could probably setup a proxy using the same method. Just a thought.
Photo of Scott Dahl

Scott Dahl

  • 4 Posts
  • 2 Reply Likes
  • excited

Posted 6 years ago

  • 5
Photo of Dave Caswell

Dave Caswell, Developer

  • 120 Posts
  • 14 Reply Likes
@Scott

Thanks for the suggestion.

We actually looked into this quite a bit as a possible solution.

Unfortunately the piece of the puzzle that makes this a killer feature - the ability to enforce the use of the VPN with Apple Configurator is restricted to those organizations in Apple's Enterprise Developer Program deploying to their employees and staff for the purposes of device security and policy management. A commercial solution offering this functionality to its customers would be a violation of Apple's developer agreement.
Photo of aggieben

aggieben

  • 58 Posts
  • 8 Reply Likes
Dave, I think you just have to publish the profile, and then a user has to install it using the configurator. This solution would be ideal for me - I need monitoring for my phone, and it's just enough trouble to remove the profile that I very likely would never do it. Alternatively, I could do it from the configurator using an account on my computer to which I don't know the password.

In any case, this could be done without violating Apple's terms, and it would be hugely beneficial to me and many other users who don't currently have any practical accountability on our iOS devices.
Photo of Scott Dahl

Scott Dahl

  • 4 Posts
  • 2 Reply Likes
At the same time, I've been able to setup a profile and my ipad and my friend's iphone, force the VPN and restrict the ability to remove the profile without even having a developer account. All I had to do was configure the profile and then email it to my friend. You wouldn't even have to go through Apple to offer a solution like this. You'd really just have to build the profile, email it to each member that requested it. They install it from the email by opening the provisioning profile and pressing okay when the device gives them a warning. You could have a password to restrict removing the profile generated when the profile is generated and then stored in a database for later retrieval as an "uninstall password". It's incredibly easy to setup and install. You don't have to use Apple's traditional channels.
Photo of Jeff Voegtlin

Jeff Voegtlin

  • 3 Posts
  • 0 Reply Likes
Is this still a possibility? I recently participated in a program that used a VPN to monitor my usage of my iPad. It slowed things down, but I continually thought, "covenant Eyes should use this idea on the iOS devices." With either your (Scott) help or covenant eye's help, I would like to get this installed on my iPad.
Photo of Scott Dahl

Scott Dahl

  • 4 Posts
  • 2 Reply Likes
Yes it is still possible.  I'm running it along with a few of my friends.  I'm using Umbrella by OpenDNS but it is not a perfect solution because while it does monitor ALL activity on the phone, it doesn't have the ability to email a report to an accountability partner.  That's where I think Covenant Eyes is dropping the ball.  This is a MUCH MUCH better solution for mobile devices than what they have right now.
Photo of Chance

Chance

  • 148 Posts
  • 14 Reply Likes
How do you force the vpn?
Photo of aggieben

aggieben

  • 58 Posts
  • 8 Reply Likes
Could the OP please edit the title to not say "SOLVED" ?  This issue is definitely NOT solved.
Photo of John

John, Official Rep

  • 439 Posts
  • 79 Reply Likes
It is not solved, yet

It is worth noting that there are are multiple ways of solving any given problem, and to each of them there are positives and negatives. We probably could have come up with some sort of profile way to force a lock down on iOS using shaky tech... and burned any bridges with Apple in the process.

Or, we could work really hard, dream up new solutions and try to bring Apple on board to help us deliver an outstanding product. We have chosen the latter. We are doing our best to convince Apple to let us into their ecosystem so that we can provide outstanding service and protection. The result of that is that it takes time to go through channels, work to develop a product and faith to believe that it will all come together. We are closer now than we have ever been before, and I write this just to let you know that we have not even for one moment stopped pursuing this idea.

Our commitment is to "...Create tools that provide protection, and encourage accountability and trust in the fight against internet temptation"  We continue to stand by that.

Thanks everyone
Photo of Jeff Voegtlin

Jeff Voegtlin

  • 3 Posts
  • 0 Reply Likes
I don't know much about programming, but it seemed to me that "extesibility"? in iOS 8 would help toward this goal. I look forward to the time when this is a reality.

Thank all of you for your hard work.
Photo of aggieben

aggieben

  • 58 Posts
  • 8 Reply Likes
@John as much as I have been hard on you guys about this particular issue, I really do appreciate your efforts, and I especially appreciate this reply because it's something I can agree with and get behind, whereas before there was nothing.
Photo of jpmorgan5150

jpmorgan5150

  • 1 Post
  • 0 Reply Likes
Hello! OpenDNS offers VPN filtering and has a method of forcing all internet traffic through the VPN without letting the VPN be turned off without a direct removal. 

This is a viable solution, as OpenDNS does offer outstanding content filtering and doesn't restrict which app you use. It also is available on PC/Mac/iOS but not Android.

Here's the deal - they don't offer weekly reporting per device or user. With that, OpenDNS is a great solution.

You guys really need to talk to them about using their service and create custom reporting. Their tech is there and it works. 

OpenDNS also encrypts all traffic, so it is a security solution as well.