Blacklist/ Whitelist apps feature in 9.5

Hackert
New Contributor III

OK, I'll be the one to ask. I noticed that in Feature Requests, the 'Whitelist/ Blacklist feature for iOS apps' has been implemented in 9.5. So I updated to version 9.5, but cannot find where I would do this. I can install apps, even when the App Store is removed, but that is not the same thing. Please help me out, what am I missing?

6 REPLIES 6

mm2270
Legendary Contributor II

Is it only when using iOS 8 perhaps? Haven't really looked at the notes, mostly because I don't manage any iOS devices, only Macs, but something tells me this can only be done with iOS 8, or may require the new iBeacon functionality included in 9.5.

Hackert
New Contributor III

We have a test iPad which we have moved to iOS 8, but still no go. I would think the change would actually have to be in the JSS. A new screen which allows you to blacklist/ whitelist.

We also tried placing an app in the Self-Service portal that doesn't meet the age restriction, hoping that would whitelist an app. It does not. They can download it, and immediately watch it disappear from their homescreen.

My only guess would be JAMF's definition of whitelist/blacklist is different from mine. Maybe they expect you to remove the App Store and use the Self Service portal for all apps. This would effectively control the app choices, but I did not want to be so restrictive.

mm2270
Legendary Contributor II

In looking through the release notes a little more, I think what you stated may be correct. Looks like you may need to restrict access to the App Store with a profile and have all installs go through the Self Service portal. That may not help with existing devices though since if an app is already installed prior to this upgrade, it looks like its not possible to blacklist it after the fact.
If there's a different way to do it, it doesn't look like its mentioned in the full documentation. I only see a reference to this KB article:
https://jamfnation.jamfsoftware.com/article.html?id=377

If this is the only way it can be done, then its more of a whitelist than a blacklist.

Hackert
New Contributor III

Thanks mm2270. I am still holding out hope for something more... If this is the case, it feels very restrictive. What if I only want to block a handful of known abused apps? This will also not block users from connecting their devices to a computer with iTunes and transferring apps. So you would be forced to restrict a user from connecting their device to a computer, which I don't prefer.
Even if it isn't here now, I am hoping JAMF continues to work on this feature.

RWitt
New Contributor II

From what JAMF has mentioned to me that looks to be the case. The white list is essentially apps from self service and the removal of the app store. Which has really been around for a few versions now. We don't allow connecting to a computer so for us this will work. We have been caching all our self service apps and only allowing our self service apps as the approved apps. The updating of this though is ridiculously time consuming so this will go along way in helping us anyway. It may be restrictive but it has stopped the rampant "gamification" of the device.

This is an apple framework issue and not really a JAMF issue. I would love to block categories of apps, but Apple tends to be very deaf when it comes to restricting how the app store functions in K12 and Corporate worlds. If I could block just games and allow everything else I would.

mm2270
Legendary Contributor II

I suppose the new functionality is fine for some environments, maybe lower education settings for example where you can get away with being that restrictive, but I guess what I find a little disappointing here is that the specific Feature Request was titled as "Whitelist/Blacklist feature for iOS apps" and was subsequently marked as "implemented" which isn't really true. Had JAMF labeled it as "Partially Implemented" it would have been more accurate. Whitelist ? Blacklist. These are two very different methods.
Whitlelist's basic definition being:
Block everything except for this very specific list of apps
and Blacklist's definition being:
Allow everything except for this very specific list of apps

There's a pretty major difference between these two.