iPhone IOS Jailbreak – Potential IT ‘Spyware’ on Corporate iPhones

iosiphonejailbreak

I have an iPhone through my company. From my understanding, Apple does not allow any software onto their i* devices that does not come from the app store. I got into a discussion with a coworker about how IT can track the phone. Is there any keyboard loggers, or other spyware that could be installed which would allow a company to track employees actions outside of the traditional email client?

I know text messages show up on a monthly bill through the carrier. If texting through Google voice, I'm assuming that would be unreadable, since it is a third party app and uses a data connection?

Best Answer

Companies can choose to provide in-house apps to employees through the iOS Developer Enterprise Program without listing them on the Apple iOS App Store.

What you're asking about mainly falls into the realm of MDM (Mobile Device Management). One of the popular MDM solutions on iOS is Afaria, from SAP. Installation of the MDM app is made a mandatory requirement by some companies in order to allow employees to connect to corporate email (and other services). An MDM solution can be used to setup apps, accounts, impose corporate policies/restrictions on specific features and also enable remote wiping of the device through the provisioning of profiles.

Due to the application sandbox restrictions imposed by iOS, the MDM application does not have complete control over the device to snoop across every other application on the system and the OS. It cannot log keystrokes, network communication or data from the apps you use.

Read through the iPhone in Business page for details. Here are some relevant snippets:

While IT can interact with iPhone and iPad devices through an MDM server, not all settings and account information are exposed. IT can only manage corporate accounts, settings, and information provisioned via MDM. The user's personal accounts can’t be accessed.
...
...

Examples of what an MDM server can and can't see on an iOS device.

MDM can see:

Device name

Phone number

Serial number

Model name and number

Capacity and space available

iOS version number

Installed apps

MDM cannot see:

Personal mail, calendar, contacts

SMS or iMessages

Safari browser history

FaceTime or phone call logs

Personal reminders and notes

Frequency of app use

Device location

A few more points to note on this topic:

Apple may expand on the device monitoring and policy enforcement features in future releases of iOS.
One important prerequisite imposed by companies for allowing access to corporate email (and other resources) in exchange for installing MDM on the device is that the device must not be jailbroken. Companies that take security seriously would not allow (at least in their policies) jailbroken devices that could be vulnerable to all kinds of attacks (including, but not limited to, disabling or crippling the MDM app and/or the MDM policies pushed to the device).
Of course, if a device is jailbroken, then any malicious app could access and gather a lot more information than standard MDM solutions available now (however, no commercial enterprise solution would ask for the device to be jailbroken as a prerequisite).

Related Solutions

IOS – How to have the iPhone rotate the homescreen

SBRotator is a bit awful, but it works.

IOS – Endianness of iPhones

even if you think you do not need to know the endianness someone might do. No need to explain why someone does not need it because you may do not know the context. The question is not "do I need to know endianness" but rather "is it big- or little endian". So concentrate on the subject please!

Having said that probably it is the best practice if we do not re-invent the wheel and just rely on the macros Apple provides for this. The reason is because they have spend quite some time to optimize these macros and made sure that works well with the simulator as well as on Mac, iPhone and all of their OS' and hardware.

If you dig down what is happening when you invoke CFSwapInt16BigToHost you may can see comments that suggests these macros are producing probably the best machine code you can get with the help of the compiler optimization:

OS_INLINE
uint16_t
_OSSwapInt16(
    uint16_t        data
)
{
  /* Reduces to 'rev16' with clang */
  return (uint16_t)(data << 8 | data >> 8);
}

OS_INLINE
uint32_t
_OSSwapInt32(
    uint32_t        data
)
{
#if defined(__llvm__)
  data = __builtin_bswap32(data);
#else
  /* This actually generates the best code */
  data = (((data ^ (data >> 16 | (data << 16))) & 0xFF00FFFF) >> 8) ^ (data >> 8 | data << 24);
#endif

  return data;
}

Best Answer

Examples of what an MDM server can and can't see on an iOS device.

Related Solutions

IOS – How to have the iPhone rotate the homescreen

IOS – Endianness of iPhones

Related Question