Under Settings -> Device Management I notice there are at least 3 different categories of items:
- Mobile Device Management
- Configuration Profile
- Enterprise App
But documentation online seems sparse for the layman. What are the security implications for each of these?
- I assume "Mobile Device Management" allows virtually full access up to the system level, including seeing what apps you have installed, turning on your camera, or initiating a remote wipe.
- "Configuration Profile" seems to allow root certificate installation, allowing MITM and HTTPS sniffing: https://security.stackexchange.com/questions/116967/what-are-the-security-implications-of-installing-an-iphone-configuration-profile
- What about "Enterprise App"?
(cross-post from https://security.stackexchange.com/questions/229343/how-does-ios-device-management-work)
Best Answer
You are correct about the first two settings. Enterprise App is a way of developing and installing in-house apps onto iOS devices using an MDM server instead of through the Apple App store model.
Read between the lines and see: https://docs.jamf.com/10.8.0/jamf-pro/administrator-guide/In-House_Apps.html