Updating apps in Single App Mode?

eri_ent's picture

eri_ent

Joined: May 23, 2016
Your rating: None (2 votes)

When Single App mode is turned on, is it possible to update an enterprise app that is running without user intervention?

I’ve tried two MDM services.  Thus far, when I push an enterprise app update to a supervised device in Single App mode, nothing happens.  I have to change the profile to turn off Single App mode and push that profile change, then push the app update, then springboard appears prompting the user to update or not, then re-enable Single App mode and push that profile change when updating is done.

We want our iOS devices to be used in a way such that only our enterprise app is allowed to run, but also have the ability to update the enterprise app remotely without requiring someone with physical access to the devices to press "OK" to accept an app update.

Top
brendan's picture

brendan

Joined: Jan 13, 2016

We've had similar experience

Your rating: None (1 vote)

We've had similar experience and similar goals. We get a NotNow response when attempting to update an enterprise app when any app is in Single App Mode. We're developing our own MDM platform to handle this workflow. Our plan is:

  1. Change Single App Mode from EnterpriseApp to OtherApp (custom app, displays "please wait" style message)
  2. Turn off Single App Mode (OtherApp remains running the the foreground
  3. Push update to TargetApp
  4. Restore Single App Mode set to EnterpriseApp

We haven't implemented this yet, but so far testing looks promising. I'm certainly interested in other work arounds available.

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

Very smart idea, and it

Your rating: None

Very smart idea, and it should work well. When you have the MDM working I'd love to take a look.

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
banthafodder's picture

banthafodder

Joined: Sep 4, 2014

Supervised Mode

Your rating: None

If your devices are in supervised mode they shouldn't be prompting about updating an internally developed app. What version of iOS are they running?

Top
brendan's picture

brendan

Joined: Jan 13, 2016

Aaron: Would love to share

Your rating: None

Aaron: Would love to share it, alas it is not meant for wide consumption. Our MDM is very tightly coupled to our internal systems and a very specific use case.

banthafodder: In this case Supervised is used as implied by the eri_ent's mention of Single App Mode which is only available to the MDM for Supervised devices. However on an unsupervised device, as of iOS7 (if I recall), the user is not prompted for updates to Managed Apps, only for the initial install. I think the only time a prompt might appear on a Supervised device is if the app you're trying to update is frontmost (but not in Single App Mode).

Top
eri_ent's picture

eri_ent

Joined: Jan 12, 2016

Followup

Your rating: None (1 vote)
banthafodder wrote:

If your devices are in supervised mode they shouldn't be prompting about updating an internally developed app. What version of iOS are they running?

iOS 9.2. Devices are Supervised (required for Single App Mode). I think Brendan is correct in framing the problem in terms of updating the frontmost app.

When we push an app update to the frontmost app in Single App Mode, I speculate iOS views this as an attempt to circumvent Single App Mode (since installing an update would require the frontmost app to quit when that's the only app allowed to run frontmost) and that's why nothing happens. I was hoping things would "just work" (kick the user back to a non-interactive Springboard while the update was installed, then re-launch the app in Single App Mode).

To respond to you, when I change our MDM profile to turn off Single App Mode, then push the app update, it does indeed prompt the user with a Cancel / Install alert. I haven't diagnosed if this occurs because the app we're updating is frontmost or because it is merely running, but requiring user interaction to deploy an app update (that may be mandatory) turns us into Manual Device Management.

Are we missing something here? What's the best way to go about deploying an update for an app that runs in Single App Mode?

Top
Aaron Freimark's picture

Aaron Freimark

Joined: Nov 6, 2010
WWW

All apps

Your rating: None
eri_ent][quote=banthafodder wrote:

When we push an app update to the frontmost app in Single App Mode, I speculate iOS views this as an attempt to circumvent Single App Mode (since installing an update would require the frontmost app to quit when that's the only app allowed to run frontmost) and that's why nothing happens

A small correction: Single App Mode actually blocks attempts at installing ANY app, not just the one running. This is unfortunate. But it is also why Brendan's step 2 is "Turn off Single App Mode."

--
Aaron Freimark, Enterprise iOS founder & GroundControl CEO

Top
patrickolson's picture

patrickolson

Joined: Oct 20, 2014

additional thought

Your rating: None
brendan wrote:

We've had similar experience and similar goals. We get a NotNow response when attempting to update an enterprise app when any app is in Single App Mode. We're developing our own MDM platform to handle this workflow. Our plan is:

  1. Change Single App Mode from EnterpriseApp to OtherApp (custom app, displays "please wait" style message)
  2. Turn off Single App Mode (OtherApp remains running the the foreground
  3. Push update to TargetApp
  4. Restore Single App Mode set to EnterpriseApp

We haven't implemented this yet, but so far testing looks promising. I'm certainly interested in other work arounds available.

Brendan -

I would assume that you probably don't want anyone messing with the "dummy" app while the enterprise app is updating. Perhaps you could kick on guided access mode until the app finishes it's update and you can turn single app mode back on. I am not sure if this can be done programmatically, but it would provide an additional layer of "dummy proofing" unless someone knew what was going on.

I am not entirely sure if apps can be updated in the background while guided access is on though...

Anyway, just thought I would share the thought.

Top
winkdtm's picture

winkdtm

Joined: Oct 24, 2014

I have tried exactly what

Your rating: None (2 votes)

I have tried exactly what brendan was thinking. That is:
1) Have Single App Mode running on target app
2) Disable Single App Mode on target app
3) Enable Single App Mode on dummy app (just shows image of saying "Please Wait")
4) Push update to target app
5) Disable Single App Mode on dummy app
6) Reenable Single App Mode on target app

Long story short, Aaron is right and any app updates are disabled until Single App Mode is disabled.

What we've done, which is not perfect by any means because it leaves a short period of vulnerability, is switch #5 and #4. So you would enable Single App Mode on the dummy, then immediately disable Single App Mode on the dummy app. From here, you can push out the update to the target app. The dummy app will remain open, while the target app is updating in the background. Yes, if someone were to click the home button they would realize that they have free range on the iPad (barring restrictions), but hopefully your internet is fast enough and the app update isn't too large.

In any case, I'm hoping that there's a better solution.

Top
patrickolson's picture

patrickolson

Joined: Oct 20, 2014

Hey - Nope that totally makes

Your rating: None

Hey -

Nope that totally makes sense. I was just thinking that if you could automate this to kick off guided access mode while the app is updating (Granted, I am unsure if the same app update restrictions apply to guided access), you could at least have a lesser chance of someone clicking the home button once and being given access.

I've had to deal with this situation before and there really isn't a graceful answer unfortunately. Sounds like you are on the right path for a work around though.

Good luck!

Top
brendan's picture

brendan

Joined: Jan 13, 2016

Non Single App Mode vulnerability window

Your rating: None

We've had success with the same workflow, but as winkdtm found, its critical that Single App Mode is disabled when the update is pushed. The reason to temporarily switch it on for OtherApp is to simply bring it to the frontmost position during the update. We also have checks in place in sending the order of commands, if for any reason a command doesn't succeed we don't send the next one.

We're aware of the temporary vulnerability while Single App Mode is disabled, fortunately for us, our implementation includes a case around the device that prevents access to the Home button, we also disable the Multitasking Gestures, so assuming our OtherApp doesn't crash it should remain frontmost and the user would not be able to take advantage of this temporary vulnerability.

We haven't tested the scenario patrickolson suggests using App requested Single App Mode in OtherApp, I'm assuming iOS would respond similarly with a NotNow under that condition. If we had a need I'd look at confirming that assumption, but so far our implementation looks like it fills our need.

Hopefully in most use cases for this Single App Mode update procedure you can protect against the temporary Non Single App Mode vulnerability window via hardware or business procedure. For instance, only issuing updates during a window when you know the device isn't being used.

Top
harish's picture

harish

Joined: Mar 1, 2016
WWW

Hi, Question for those using

Your rating: None

Hi,

Question for those using an MDM with Single App mode pushed to devices on iOS 7. I am using AirWatch, but not sure if the issue I'm seeing is related to AirWatch or is it a general Apple restriction?

Is there any way to update an app in single app mode automatically? When I try to load a new app version, nothing happens on the device if it is locked to that app. When I then remove the Single App Mode profile in the AirWatch console, a popup appears asking the user to either allow the update or cancel - it still does not automatically kick off the app update.

I am looking for a way to update the app without any end user interaction needed and minimal management on the admin side (i.e. not have to remove the single app mode profile).

Thoughts?

Top
dkingsho's picture

dkingsho

Joined: Mar 12, 2014

App Updates OTA with LanRev

Your rating: None

Hi, along the same lines as updating a single-app mode app I've just started switching some of my organisation schools across to OTA deployment using AbsoluteManage LANRev MDM solution and am trying to work out how do I push an app update out?

We've got lots of apps which have been updated in the past month since we first deployed and only around 10% of devices are updating to the latest version of the app. We have maybe 30 third-party apps.

I noticed the issue when a teacher said she'd spent time with an apps tech support and needs version 2.0.4 when most devices have 2.0. When I look in MDM I find some have indeed updated but can't work out how.

Any ideas?

Damon

Top
philback's picture

philback

Joined: Oct 12, 2016

Attempting to update Enterprise app automatically while in ASAM

Your rating: None (1 vote)

This comment thread has been a huge help but was hoping you might be able to help with a couple of other details.

We have an enterprise app that will run through our MDM in ASAM (Autonomous Single App Mode). We will install it through the MDM but need to be able to detect and initiate updates programatically without user interaction.

From the thread I gather this is possible for enterprise apps as long as they are not currently the front running app.

BTW all ipads will be managed and supervised so we have complete control of them.

We are following somewhat the plan laid out in comments above:

1) Have Single App Mode running on target app
2) Ping our server to identify a new update available (compare current version to listed version)
3) Disable Single App Mode on target app
4) Launch Maintenance App (just shows image saying "Maintenance Mode...Please Wait")
5) Push update to target app
6) Relaunch Target App
7) Re-enable Single App Mode on target app

The question I have is around Step 5 above.

Typically we would initiate the update through a browser to start the download and update of the application, however I need this instead to be initiated automatically, I would assume by the maintenance app.

How would I programatically initiate an update to an enterprise app without prompting the user to accept the update? Or is this something I have to push through the MDM and can't be called on from an app within the ipad?

Thanks in advance for your help.

Phil

Top
bhaveshagrawal1014's picture

bhaveshagrawal1014

Joined: Oct 13, 2016

Auto update In-House App

Your rating: None (1 vote)

I have kiosk application installed on iPad in Guided mode i.e. Single app mode. I am shipping/installing this iPad to my customer’s site. This way customer can use only my kiosk application. I am distributing my app using Enterprise Distribution Process.

Now I want to update my application in all those iPads. I want to update the app in such a way that it don’t show popup for update. I want to force update my application in background that does’t require user input.

So how can i push latest update?

I have hosted my IPA on inhouse webpage.

Top
Samuelbrown's picture

Samuelbrown

Joined: Oct 3, 2014

Classroom

Your rating: None (1 vote)

We have been doing this -

Apps locked into single app mode. Absolute nightmare. Created an "updating holding" app just like you guys have suggested. Still a huge pain.

We've recently enrol everything in Apple Classroom (keep in mind you don't actually need to be a school or an education institution to do this).

This has improved our updating process 10 fold.

We now just walk into the room we are trying to update. Switch the apps out that are lock into single app mode to a different app - any app and then just push the update. Then once we've left it long enough we just switch it back. The ones that don't switch back we can assume haven't completed the update yet. As soon as every app switches back we can assume the update has completed.

All using profile manager. All apps pushed don't need to be accepted as long as the devices are supervised.

Top

Who is online?

There are currently 0 admins, 0 users and 28 guests online. Connected users: .

Recent Activity