Block and Remove iOS Apps

GetCart3r
New Contributor III

With recent discussions of the Canadian Government blocking and removing TikTok from mobile devices, I would like to explore how this can be accomplished in case our institution decides to do the same. While researching this topic, I came across articles that suggest flagging the device as non-compliant or "restricting" the app through its bundle ID, but these methods do not actually remove or block the app.

When you add a restriction, it only hides the icon from launching the app. The app can still be downloaded from the App Store, and although it will hide the icon, it will still be present on the device.

4 REPLIES 4

ALARA
New Contributor

Following this thread - experiencing the same thing.

RLR
Valued Contributor

You will have to remove the app store from their device and publish all apps you want them to be able to download via self service.

joshuasee
Contributor III

Keep in mind that app likely can't execute in that case, so you might have to present the "they can't click it" as a solution to your superiors. It will be very difficult to remove the app without user consent under most scenarios if end users were the ones who installed it. If you really want to be able to remove them from iOS devices, you will need ADE and VPP set up and the devices supervised. Untested, but my inclination would be to:

  1. Block the App Store. 
    • If you really want to control app distribution, you should be doing this anyway. This won't be the last app to be retrobanned while staying in the store.
  2. Create a smart, or ideally static, group of all the devices that have the app installed.
  3. Acquire enough VPP licenses for the app to cover the number currently installed.
  4. Create the app object in Jamf if it isn't there already. Set it to install automatically and don't make it available in Self Service.
    • Make sure Make app managed when possibleConvert unmanaged app to managed
      Remove app when MDM profile is removed, and Allow users to remove app are all checked.
  5. Scope the app to the group of those that already have it.
  6. Wait for the app to convert to managed, as shown in the "Apps" part of the inventory for the device.
  7. Exclude devices that have converted to managed version from the scope. The app should uninstall.

 

thellum
New Contributor III

@joshuasee Thanks very much indeed for this. Worked like a charm.