Marco Eidinger
Swifty Tech by Marco Eidinger

Swifty Tech by Marco Eidinger

All you need to know about Managed App Configuration

All you need to know about Managed App Configuration

What is it, how to access it in Swift and how to test end-2-end with SimpleMDM

Marco Eidinger's photo
Marco Eidinger
·Feb 2, 2022·

6 min read

Subscribe to my newsletter and never miss my upcoming articles

Table of contents

I wrote this blog post for iOS enterprise app developers as I found it very difficult to find a holistic explanation about Managed App Configuration. Most articles may cover the implementation part in Swift, and that's it. My goal is to give you the whole picture and cover aspects like

  • tips on creating and sharing a specification for Managed App Configuration,
  • insights on how a Managed App Configuration gets deployed and
  • how you can test Managed App Configuration end-2-end without having access to your corporate MDM solution.

Managed App Configuration

The Big Picture

Managed App Configuration, commonly referred simply as AppConfig, allows iOS app developers to customize the app when paired with a Mobile Device Management (MDM) solution. AppConfig allows MDM solutions to remotely deliver data to a managed device, which then can be used by the app to customize the user experience or app behavior.

Blank diagram.png

Key takeaway: a Mobile Device Management (MDM) solution is required for productive use!

Use Cases

UI Configuration is one potential use case as enterprise organizations often like to rebrand apps to match the branding of their own organization. As the app developer, you can define a way to allow organizations to specify the colors, text, or other UI elements that may be unique to their needs. And the MDM administrator, on behalf of the organization, can apply those settings to the managed devices.

Another use case is that your app might require connectivity to a server tenant owned by the organization. Rather than prompting users to input the information themselves, this information could be provided by the MDM server via App Config, making the setup process invisible to the end-user.

Who is doing what?

There are three fundamental steps:

TaskResponsible
Define the configuration parameters and what those can influence within the appApp Developer
Implement code so that the app reads and honors the AppConfigAppDeveloper
Set and deploy AppConfig to device(s)MDM Admin

How AppConfig is sent to the device

A Mobile Device Management solution may send application configuration to the device with either of these two MDM commands:

The data sent to the device is a XML property list. Example:

<dict>
  <key>BlogURL</key>
  <string>https://blog.eidinger.info</string>
</dict>

How to access AppConfig in your iOS app

You, the iOS app developer, can access the information through User Defaults in Swift on the device. The dictionary is stored with key com.apple.configuration.managed.

UserDefaults.standard.object(forKey: "com.apple.configuration.managed") as? [String: Any?]

Important: UserDefaults are stored unencrypted on the device. Therefore do not propose to include sensitive information (such as passwords or private keys).

Note: Managed App Configuration is also supported for other Apple platforms, i.e. macOS and tvOS.

Create an AppConfig specification

It's up to you to define which key/value information makes sense for your app. But how will the MDM administrator know which key/value information must be specified and in which format? You could share an example plist. But there is a better way.

The AppConfig Community defined a standard on how app developers can describe the expected format of their managed app configuration property list.

I used the AppConfig Spec Creator tool to create a specification for the plist example mentioned above.

<?xml version="1.0"?>
<managedAppConfiguration>
  <version>1</version>
  <bundleId>us.eidinger.ManagedAppConfigurationReader</bundleId>
  <dict>
    <string keyName="blogURL"></string>
  </dict>
  <presentation defaultLocale="en-US">
    <field keyName="blogURL" type="input">
      <label>
        <language value="en-US">Blog URL</language>
      </label>
      <description>
        <language value="en-US">URL representing a cool online blog</language>
      </description>
    </field>
  </presentation>
</managedAppConfiguration>

The advantage of such a specification (following the standard) is that MDM solutions can interpret the configuration and use intelligent form editors to guide MDM administrators when setting managed app configuration values.

Depending on the MDM solution's specific user interface, the administrator

  • gets an intelligent form editor (based on your specification)
  • gets a simple form editor

    AppConfig in SimpleMDM

  • or has to create/upload the plist (XML) manually.

Get device-specific information through MDM otherwise unavailable

Most MDM solutions offer the option to use variables. Then the MDM administrator may specify a variable that will be replaced with a device-specific value when the app is deployed (instead of setting a fixed value in the configuration that will be shared with all devices).

Examples could be the device's

  • MEID
  • Model
  • Phone number
  • Serial number

Apple limits the scope of what data apps have access to on iOS devices, for privacy purposes. Having access to such information lets you define workflows that may not be possible without MDM and App Config.

Example App

I wrote a straightforward SwiftUI based iOS application to read any possible string-based values from its managed app configuration.

Running the app on a simulator or on a regular device will show no values.

Running app in iOS simulator

You can simulate the existence of a managed app configuration by setting UserDefaults with tool xcrun simctl as demonstrated in the following Youtube video.

But I wanted to test the E2E scenario and learn more about MDM administration. I do have no access to my company's MDM so I had to look for an alternative. Luckily I found SimpleMDM.

How to test AppConfig with SimpleMDM

SimpleMDM is a good starting point to get familiar with Mobile Device Management. It has a simple user interface and offers a 30 day free trial period. SimpleMDM provides a monthly, affordable monthly per-device subscription if I need the service beyond that timeframe.

Screen Shot 2022-01-26 at 8.19.39 PM.png

Screen Shot 2022-01-26 at 8.19.56 PM.png

You can use a different MDM solution, but I found the simplicity and pricing aspects for testing purposes really good. Initially, I wanted to test with Jamf. But their basic product line Jamf Now (Plus), allowing to manage up to 3 devices for free, cannot deploy a managed app configuration. This capability is available starting with Jamf Pro, which has a 14 day trial period and then requires to purchase licenses for a minimum of 50 devices :(

Sign-up

Sign-up is straightforward.

Sign-up

Finishing up MDM setup

Once you created an Apple Push Certificate(as illustrated below) and uploaded it you are done with the sign-up process.

Apple Push Certificate Portal - Get Started

Apple Push Certificate Portal - Create A New Certificate

Apple Push Certificate Portal - Confirmation

A guided onboarding help was presented when I logged into SimpleMDM for the first time.

Configuration

First step is to enroll your device. (I had to enroll my wife's iPhone SE as I only have a work iPhone which is already enrolled with another MDM)

Enrolled Device in SimpleMDM

Then upload your app's binary to MDM.

Upload App's binary into SimpleMDM

You then can define Managed App Configuration values for the app.

AppConfig in SimpleMDM

Finally assign the app to a group (of devices) or to an individual device and push the app to the device. The managed AppConfig will be pushed as well.

App and Media Catalog in SimpleMDM

Assignments in SimpleMDM

I found it very intuitive to do those steps.

Testing

Once the user approves the app installation

IMG-6298.PNG

and the user opens the new app

IMG-6299.PNG

then the app will show the managed AppConfig.

IMG-6300.PNG

Did you find this article valuable?

Support Marco Eidinger by becoming a sponsor. Any amount is appreciated!

See recent sponsors Learn more about Hashnode Sponsors
 
Share this