Apple’s iPhone Enterprise Application Delivery- REVISTED
July 14, 2008 8:08 am Enterpise, securityOn June 13th I posted about the misteps Apple made regarding iPhone Application Delivery for the enterprise. It got several comments to the tune that I was jumping the gun.
I began reading through the iPhone Enteprise Deployment Guide. Some interesting thoughts here noted in this document that I pulled out while I skimmed through. It says in Chapter 1: “It [iTunes] is also required for downloading and installing software updates for devices and installing your enterprise applications.”
Later on in the same chapter it adds: “If you are planning to deploy enterprise iPhone and iPod touch applications, you install the applications on your devices using iPhone Configuration Utility for Mac OS X or
iTunes for Mac and Windows. Once you deploy an application to user’s devices, updating those applications will be easier if each user has iTunes installed on their Mac or PC.”
One positive that I pulled out from the document is that Apple is documenting some registry changes that can be used to help “lock-down” iTunes and limit functionality such as automatic updates and discovery of AppleTV devices. However, it seems that it does not go on to completely prevent Library sharing using Bonjour/mDNS.
Chapter 5 is all about application deployment. Apple seems to confuse the procedure a bit by first saying: “Your users use iTunes to install applications on their devices. Securely distribute the
application to your users and then have them follow these steps” and then saying “You can use iPhone Configuration Utility for Mac OS X to install applications on connected devices.”
There is a web version for Mac or Windows of this latter utility, but it is limited only to creating config files for mail settings, application certificates, etc., while the Mac desktop version (Windows version not available) additionally allowed the viewing of log files and application installs. These tools are primary used for device configuration by an administrator, not by an end-user.
Hopefully Apple will expand the web version of the iPhone Configuration Utility to provide application delivery such that iTunes can be bypassed OR provides more details on how to lock iTunes down further.
One of the commenters asked what my security concern with iTunes was. GNUCITIZEN did a nice write-up on this some time ago, so I figured its best to link to those:
- http://www.gnucitizen.org/blog/name-mdns-poisoning-attacks-inside-the-lan/
- http://www.gnucitizen.org/blog/dhcpmdns-injection-issues/
The lines are still too long for me…but i’ll get there eventually. I am also looking to buy an MBA, but after the last price drop I smell a new version (bigger drive? more memory?) coming. Maybe its wishful thinking.
iWelcome your comments.
![[del.icio.us]](http://flossyourmind.com/wp-content/plugins/bookmarkify/delicious.png)
![[Digg]](http://flossyourmind.com/wp-content/plugins/bookmarkify/digg.png)
![[Google]](http://flossyourmind.com/wp-content/plugins/bookmarkify/google.png)
![[StumbleUpon]](http://flossyourmind.com/wp-content/plugins/bookmarkify/stumbleupon.png)
![[Windows Live]](http://flossyourmind.com/wp-content/plugins/bookmarkify/windowslive.png)
![[Yahoo!]](http://flossyourmind.com/wp-content/plugins/bookmarkify/yahoo.png)
![[Email]](http://flossyourmind.com/wp-content/plugins/bookmarkify/email.png)