intune ios Security

iOS Alternative App Stores? Not on My Supervised Devices!

The world of iOS app distribution is experiencing a shakeup, particularly in the European Union (EU). With the recent changes in iOS 17.4, users in the EU now have the ability to download and install alternative app stores on their iPhones and iPads. These app stores operate independently of

5 min read
iOS Alternative App Stores? Not on My Supervised Devices!

The world of iOS app distribution is experiencing a shakeup, particularly in the European Union (EU). With the recent changes in iOS 17.4, users in the EU now have the ability to download and install alternative app stores on their iPhones and iPads. These app stores operate independently of the official Apple App Store, offering users a potentially wider range of app choices.

This change stems from the EU's Digital Markets Act (DMA) regulations, aimed at fostering fairer competition in the digital market. The DMA specifically targets large gatekeepers like Apple, requiring them to open their platforms to alternative app stores and loosen their control over app distribution.

While this change brings new possibilities for individual users, it raises significant concerns for organizations managing supervised iOS devices. Let's delve deeper into the potential risks and explore strategies to maintain control over your supervised device ecosystem.


The Looming Risks of Alternative App Stores on Supervised Devices

While the ability to explore alternative app stores might seem appealing to some users, it introduces several security and management challenges at enterprise level for managing supervised iOS devices. Here's why you should tread carefully:

1. Compromised Security:
2. Loss of Management Control:
3. Compliance Concerns:

Strategies to Fortify Your Supervised Device Ecosystem

The good news is that you have options to mitigate the risks associated with alternative app stores and maintain control over your supervised iOS devices. Here are some key strategies to consider:

1. Leverage MDM Capabilities:
2. User Education and Awareness:
3. Continuous Monitoring and Evaluation:
4. Consider Alternative Approaches:

Enforcing Restrictions Using Intune

While the ability to block installation of alternative marketplace apps will be soon shipped with Microsoft Intune. You can still achieve this using a custom configuration profile (.mobileconfig) file to test it out.

You can use the below xml file to prevent installation of alternative marketplace apps from the web and prevents any installed alternative marketplace apps from installing apps.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadIdentifier</key>
			<string>com.apple.applicationaccess.48963245-1DAE-8E53-0652-1AE00S0123Z01</string>
			<key>PayloadType</key>
			<string>com.apple.applicationaccess</string>
			<key>PayloadUUID</key>
			<string>30682134-6CEB-4B98-8950-6CC54F244C05</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>allowMarketplaceAppInstallation</key>
			<false/>
			<key>ratingRegion</key>
			<string>NL</string>
		</dict>
	</array>
	<key>PayloadDisplayName</key>
	<string>DMA Restrictions</string>
	<key>PayloadIdentifier</key>
	<string>com.IRL.Alt Marketplace Restrictions</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>89Z13C98-02Y6-2468-7J5K-6F69D2H087HG</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>

Let's Verify


Conclusion

In conclusion, the advent of iOS 17.4 and the introduction of alternative app stores represent a significant pivot in the landscape of app distribution for users in the European Union. While this move heralds a new era of choice and flexibility, it simultaneously underscores a vital need for vigilance and proactive management in safeguarding supervised iOS devices within organizational environments.

The path forward is one of cautious optimism, armed with the knowledge and tools to navigate the complexities of this new digital landscape.

Share This Post

Check out these related posts

Secure, Contain, Protect... Your Mac: Deploy mSCP with Intune

A New Era of Device Management: Exploring Microsoft Copilot for Security with Intune

Copilot to the Rescue: Empowering Users and Streamlining IT with Self-Service Device Management