MobileIron does not wrap the iOS extensions

by

I am sorry for the spoiler in the title. But we discover that the iOS extensions do not work properly after wrap an app with MobileIron and we did not found any information about it on MobileIron documentation and neither on Internet. Because of that we choose to use this title in order to help other developers that have the same issue that we had.

MobileIron is a MDM (Mobile device management). A platform that allows to distribute apps inside a company and also add to that apps an extra security layer (passcode, remote wipe, secure tunneling…).
Is one of the most used MDM.

At this time we found that  a mobile app wrapped with the Mobil Iron Wrapper that use “Secure Tunneling” to access to a internal server have problems.
If we use the main app it works fine and the app can access to the internal network but is we try to use the Share In extension the app can not access to the internal network.

Mobile Iron Wrapper

Using a proxy (Charles or Mitproxy) we saw the network request and we discover that the Wrapper of MobileIron change the URL of the request on the fly.

If the app have to connect with https://internal.company.com (internal server not accessible from internet) the URL is changed to https://sentry.company.com (external server) that it is the MobileIron server who make the tunneling. Because of that all the request that have to go to https://internal.company.com first at all pass for https://sentry.company.com and are redirected to https://internal.company.com

But on the Share In extension it does not happens. The URL never change and always the app tried to connect with https://internal.company.com. So the request never comes to their destiny. Also we saw that the Passcode was never asked on the Share In extension. Because of that we thought that the Wrapper did not wrap the extensions.

With all those information we wrote to the MobileIron support team and they confirmed our theory.

The MobileIron Wrapper do not wrap the extensions because the extension can not read the policies. When we open the wrapped app this app automatically open Mobile@Work that it is a MobileIron app that read the policies and apply it on the wrapped app.

When we use an extension that “flip” between apps it is possible because the extensions work in a different process so MobileIron can not open Mobile@Work and come back to the extension.

The extensions use to have small functionalities be that functionalities could allow to a user access to restricted information so it is very important to know it in order to not have a security issue on our wrapped apps.

Leave a Comment

¿Necesitas una estimación?

Calcula ahora

Privacy Preference Center

Consent Management

We use cookies to offer you a better browsing experience, analyze site traffic and personalize content. Read about how we use cookies and how you can control them by clicking "Privacy Preferences". If you continue to use this site, you consent to our use of cookies.

Política de cookies

Cookies Policy

Own cookies

Cookies Used

Required
__unam, gdpr 1P_JAR, DV, NID, _icl_current_language

Analytics Cookies

This cookies help us to understand how users interact with our site

Cookies Used

_ga, _gat_UA-42883984-1, _gid, _hjIncludedInSample,

Subscription Cookies

These cookies are used to execute functions of the Web, such as not displaying the advertising banner and / or remembering the user's settings within the session.

Cookies Used

tl_3832_3832_2 tl_5886_5886_12 tve_leads_unique

Other