iphonesecurityipadipodjailbreak

Lock-down iPhone/iPod/iPad so it can only run one app


We'd like to 'lock-down' an iPhone/iPod/iPad so that the user can only run one app (we've developed this app internally). I'm guessing we'd be looking at jailbreaking, and then replacing (?) the default Springboard app.

Can we do this? If so, how?


EDIT: iOS 7 now includes an 'App Lock' payload as part of the device configuration profile. From the Apple docs:

"By installing an app lock payload, the device is locked to a single application until the payload is removed. The home button is disabled, and the device returns to the specified application automatically upon wake or reboot."

Read more about it here:
https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf


Solution

  • It is possible to put an iPad or iPhone into 'Store Demo' mode so that the home button and swipe to home gesture is disabled. If you have seen the iPads in the Apple Store running the smart sign apps then you will know what I mean.

    It is actually pretty trivial to make this work, all you need to do is install a correctly formatted mobile config plist over the air from a web server.

    To deliver your config from the web all you have to do is direct the iPhone to a url containing the profile. Just open the link to your .mobileconfig file in safari. If you don't have web space you can just use dropbox public folder URLs or switch on your mac webserver.

    It's possible that you can load the config using IPCU too but I have not tried this. This config file will not load in the iPhone Configuration Utility as it uses keys that IPCU doesn't know about. You can combine this with whatever other enterprise configuration profiles you have in play.

    EDIT: @cocoanetics pointed out that IPCU is not required to remove the profile. However note that to get your device back to normal you would need to do the following:

    1. Reboot
    2. Open the settings app FIRST - don't open anything else or you will need to reboot again
    3. Settings->General->Profiles->[your profile] remove it.
    4. Reboot

    you should be back to normal.

    I have included an example plist that will disable the home button and lock your device into the app.

    BEWARE

    Once this profile is installed the first app that is launched when the device is rebooted will be the only app that will run until you reboot the device again. As @Cawas has said this completely disables the ability to return to the home screen (unless your app crashes) including accessibility assistive touch.

    Note that after installing the profile you must reboot the device (power off, power on) for it to take effect. To remove the profile plug the device into IPCU and delete it then reboot the device. Everything will be back to normal.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>PayloadContent</key>
        <array>
            <dict>
                <key>PayloadDescription</key>
                <string>Disables home</string>
                <key>PayloadDisplayName</key>
                <string>Home Button Lock</string>
                <key>PayloadIdentifier</key>
                <string>com.hbkill.kiosk</string>
                <key>PayloadOrganization</key>
                <string>My Org</string>
                <key>PayloadType</key>
                <string>com.apple.defaults.managed</string>
                <key>PayloadUUID</key>
                <string>B2D02E2D-BAC5-431B-8A29-4B91F71C9FC1</string>
                <key>PayloadVersion</key>
                <integer>1</integer>
                <key>PayloadContent</key>
                <array>
                    <dict>
                        <key>DefaultsDomainName</key>
                        <string>com.apple.springboard</string>
                        <key>DefaultsData</key>
                        <dict>
                        <key>SBStoreDemoAppLock</key>
                        <true/>
                        </dict>
                    </dict>
                </array>
            </dict>
        </array>
        <key>PayloadDescription</key>
        <string>Disables Home Button</string>
        <key>PayloadDisplayName</key>
        <string>Home Button Lock</string>
        <key>PayloadIdentifier</key>
        <string>com.hbkill</string>
        <key>PayloadOrganization</key>
        <string>My Org</string>
        <key>PayloadType</key>
        <string>Configuration</string>
        <key>PayloadUUID</key>
        <string>614D1FE3-F80D-4643-AF6B-D10C4CC8737A</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
    </dict>
    </plist>
    

    You may well have moved on from this but I thought I would post this answer here as I came across the question while I was trying to figure out how to do the same thing.