All you need to know about Managed App Configuration
What is it, how to access it in Swift and how to test end-2-end with SimpleMDM
Table of contents
I wrote this blog post for iOS enterprise app developers as I found it very difficult to find a holistic explanation about Managed App Configuration. Most articles may cover the implementation part in Swift, and that's it. My goal is to give you the whole picture and cover aspects like
- tips on creating and sharing a specification for Managed App Configuration,
- insights on how a Managed App Configuration gets deployed and
- how you can test Managed App Configuration end-2-end without having access to your corporate MDM solution.
Managed App Configuration
The Big Picture
Managed App Configuration, commonly referred simply as AppConfig, allows iOS app developers to customize the app when paired with a Mobile Device Management (MDM) solution. AppConfig allows MDM solutions to remotely deliver data to a managed device, which then can be used by the app to customize the user experience or app behavior.
Key takeaway: a Mobile Device Management (MDM) solution is required for productive use!
Use Cases
UI Configuration is one potential use case as enterprise organizations often like to rebrand apps to match the branding of their own organization. As the app developer, you can define a way to allow organizations to specify the colors, text, or other UI elements that may be unique to their needs. And the MDM administrator, on behalf of the organization, can apply those settings to the managed devices.
Another use case is that your app might require connectivity to a server tenant owned by the organization. Rather than prompting users to input the information themselves, this information could be provided by the MDM server via App Config, making the setup process invisible to the end-user.
Who is doing what?
There are three fundamental steps:
| Task | Responsible |
| Define the configuration parameters and what those can influence within the app | App Developer |
| Implement code so that the app reads and honors the AppConfig | AppDeveloper |
| Set and deploy AppConfig to device(s) | MDM Admin |
How AppConfig is sent to the device
A Mobile Device Management solution may send application configuration to the device with either of these two MDM commands:
- Install App or
- Configure Settings (e.g. the app is already installed)
The data sent to the device is a XML property list. Example:
<dict>
<key>BlogURL</key>
<string>https://blog.eidinger.info</string>
</dict>
How to access AppConfig in your iOS app
You, the iOS app developer, can access the information through User Defaults in Swift on the device. The dictionary is stored with key com.apple.configuration.managed.
UserDefaults.standard.object(forKey: "com.apple.configuration.managed") as? [String: Any?]
Important: UserDefaults are stored unencrypted on the device. Therefore do not propose to include sensitive information (such as passwords or private keys).
Note: Managed App Configuration is also supported for other Apple platforms, i.e. macOS and tvOS.
Create an AppConfig specification
It's up to you to define which key/value information makes sense for your app. But how will the MDM administrator know which key/value information must be specified and in which format? You could share an example plist. But there is a better way.
The AppConfig Community defined a standard on how app developers can describe the expected format of their managed app configuration property list.
I used the AppConfig Spec Creator tool to create a specification for the plist example mentioned above.
<?xml version="1.0"?>
<managedAppConfiguration>
<version>1</version>
<bundleId>us.eidinger.ManagedAppConfigurationReader</bundleId>
<dict>
<string keyName="blogURL"></string>
</dict>
<presentation defaultLocale="en-US">
<field keyName="blogURL" type="input">
<label>
<language value="en-US">Blog URL</language>
</label>
<description>
<language value="en-US">URL representing a cool online blog</language>
</description>
</field>
</presentation>
</managedAppConfiguration>
The advantage of such a specification (following the standard) is that MDM solutions can interpret the configuration and use intelligent form editors to guide MDM administrators when setting managed app configuration values.
Depending on the MDM solution's specific user interface, the administrator
- gets an intelligent form editor (based on your specification)
gets a simple form editor
or has to create/upload the plist (XML) manually.
Get device-specific information through MDM otherwise unavailable
Most MDM solutions offer the option to use variables. Then the MDM administrator may specify a variable that will be replaced with a device-specific value when the app is deployed (instead of setting a fixed value in the configuration that will be shared with all devices).
Examples could be the device's
- MEID
- Model
- Phone number
- Serial number
Apple limits the scope of what data apps have access to on iOS devices, for privacy purposes. Having access to such information lets you define workflows that may not be possible without MDM and App Config.
Example App
I wrote a straightforward SwiftUI based iOS application to read any possible string-based values from its managed app configuration.
Running the app on a simulator or on a regular device will show no values.
You can simulate the existence of a managed app configuration by setting UserDefaults with tool xcrun simctl as demonstrated in the following Youtube video.
But I wanted to test the E2E scenario and learn more about MDM administration. I do have no access to my company's MDM so I had to look for an alternative. Luckily I found SimpleMDM.
How to test AppConfig with SimpleMDM
SimpleMDM is a good starting point to get familiar with Mobile Device Management. It has a simple user interface and offers a 30 day free trial period. SimpleMDM provides a monthly, affordable monthly per-device subscription if I need the service beyond that timeframe.
You can use a different MDM solution, but I found the simplicity and pricing aspects for testing purposes really good. Initially, I wanted to test with Jamf. But their basic product line Jamf Now (Plus), allowing to manage up to 3 devices for free, cannot deploy a managed app configuration. This capability is available starting with Jamf Pro, which has a 14 day trial period and then requires to purchase licenses for a minimum of 50 devices :(
Sign-up
Sign-up is straightforward.
Once you created an Apple Push Certificate(as illustrated below) and uploaded it you are done with the sign-up process.
A guided onboarding help was presented when I logged into SimpleMDM for the first time.
Configuration
First step is to enroll your device. (I had to enroll my wife's iPhone SE as I only have a work iPhone which is already enrolled with another MDM)
Then upload your app's binary to MDM.
You then can define Managed App Configuration values for the app.
Finally assign the app to a group (of devices) or to an individual device and push the app to the device. The managed AppConfig will be pushed as well.
I found it very intuitive to do those steps.
Testing
Once the user approves the app installation
and the user opens the new app
then the app will show the managed AppConfig.
