“The iOS 14 release from Apple brings some changes to the enterprise around privacy and security”

iOS 14 has hit beta release 6 and is nearing production. There are some nice customer-facing changes and usability improvements included. There are also some other feature changes ‘under the hood’ that may impact you as a business.

For a non-technical preview, check out Apple’s preview page, or their full list of features here. Engineers may want to check Apple’s release notes for iOS 14 as well.

Wi-Fi Payload and Randomised MAC Addresses

For privacy reasons, Apple have advised that iOS 14 devices will randomise their MAC address. Some enterprise Wi-Fi networks may check a device’s MAC address against those enrolled into an MDM; when a randomised MAC address is presented to the network, this check will fail.

For customers using MAC addresses to provision access to company Wi-Fi or using Network Access Control (NAC) solutions that rely on MAC address for device identification this change may impact a device’s ability to connect to company Wi-Fi.

Apple have advised that a new MDM flag will be available to force devices to present their actual hardware MAC rather than a random one.
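The following is an added example, not part of the original article. It shows how a Wi-Fi or NAC team could triage association logs before the rollout: a randomised address has the locally administered bit (0x02) set in its first octet, so it can be told apart from an unenrolled hardware MAC. The log format, the inventory and all MAC values are constructed for illustration.

```python
import re

# Constructed MDM inventory: hardware Wi-Fi MACs of enrolled devices (sample values).
ENROLLED_MACS = {"f0:18:98:aa:bb:01", "f0:18:98:aa:bb:02"}

# Constructed NAC association log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2020-09-01T08:00:01Z assoc ssid=CorpWiFi mac=F0:18:98:AA:BB:01
2020-09-01T08:00:05Z assoc ssid=CorpWiFi mac=3A-5F-11-22-33-44
2020-09-01T08:00:09Z assoc ssid=CorpWiFi mac=00:11:22:33:44:55
2020-09-01T08:00:12Z assoc ssid=CorpWiFi mac=f6:18:98:aa:bb:02
"""

MAC_RE = re.compile(r"mac=((?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2})")


def normalise(mac):
    """Lower-case the address and use ':' as the only separator."""
    return mac.lower().replace("-", ":")


def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (not a vendor-assigned MAC)."""
    return bool(int(normalise(mac)[:2], 16) & 0x02)


def classify(mac, enrolled):
    """Return 'enrolled', 'randomised' or 'unknown-hardware' for one address."""
    mac = normalise(mac)
    if mac in enrolled:
        return "enrolled"
    if is_locally_administered(mac):
        return "randomised"  # MAC allow-list will reject this client
    return "unknown-hardware"  # genuine vendor MAC that is not in the inventory


def triage(log_text, enrolled):
    """Extract every MAC from the log and pair it with its classification."""
    results = []
    for line in log_text.splitlines():
        match = MAC_RE.search(line)
        if match:
            mac = normalise(match.group(1))
            results.append((mac, classify(mac, enrolled)))
    return results


if __name__ == "__main__":
    for mac, verdict in triage(SAMPLE_LOG, ENROLLED_MACS):
        print(f"{mac}  {verdict}")
```

A rising count of "randomised" clients on a corporate SSID after devices upgrade indicates that MAC-based checks are failing for otherwise enrolled devices.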

Securing Notification Previews

Apple is adding more options around the visibility of notifications on locked devices. With iOS 14, the following options will be available to secure and protect company app data on Supervised / DEP devices:

Always: Previews will be shown when the device is locked and unlocked

When Unlocked: Previews will only be shown when the device is unlocked

Never: Previews will never be shown

WKWebView replaces UIWebView

This is a change for apps that use Web Views, improving the security and reliability of the content they present. This change will impact MobileIron customers using the Web@Work and Docs@Work apps.

For MobileIron customers using these apps on iOS devices, there will be a requirement to migrate to MobileIron Tunnel. MobileIron customers can access more details about these changes via this link.

Changes to Location Services

Location Services with iOS 14 will either return a precise (full accuracy) or approximate (reduced accuracy) location based on the user selection.

This may have an impact on location tracking from EMM solutions that leverage the MDM agent for location information.


An application may request full accuracy or reduced accuracy when the user authorises location services.

With ‘reduced accuracy’ set ‘ON’ the accuracy of location data is reduced in both space and time using approaches like selecting a nearby point of interest and updating the location a few times per hour. The approximate location preserves the user’s country, typically preserves the city, and is usually within 1–20 kilometers of the actual location.

Non-removable Managed Apps

This one is a long time coming. With iOS 14 it will be possible to prevent users from removing managed apps from their devices. This will allow businesses to ensure that business critical apps are always installed and present on devices and cannot be removed.

This is also great for apps that contain important app data that could be lost if an app were deleted by mistake – allowing for a more controlled back up of data before any deletions take place.

Employees will get an alert that an app cannot be deleted if they try to do so.

App Clips are a new form of Application

Apple is introducing the app clip. This is a slim version of a full app that does not require the user to go through the app store and install the app. For managed devices this represents a new security threat vector.

App clips can be launched from an NFC tag, QR code, Safari link (web link), App Clip Code (unique ID), Maps, or through messages.

As a usability feature, users will have a one-tap method to install the full app after using the app clip. This may present headaches for corporate fleets, and administrators should keep an eye on the evolution of malware through this new capability.

App Tracking Permission Privacy Feature

Also, Apple has introduced a permission requirement for app tracking. Any location tracking app will now require the user to authorize the permission. Again, this should be given scrutiny if you have any corporate solution performing this function.

Increased helpdesk calls should be expected if employees must accept being tracked – communications should be prepared in advance explaining why there is a need and for what purpose. Compliance controls will need to be implemented to ensure employees accept.


Conclusion

As always, there are changes to iOS that may impact corporate users both positively and negatively.

This article highlights just some of the new features we are tracking. We recommend developers check out the full list of API Updates and non-technical users can check out the iOS 14 preview.

If you’re interested in learning how iOS devices could work better in your business, check our Intune Security Baseline service, or contact us.