Most of us use apps on our phones every day — including apps that we chose to download from our phone’s app store. We tend to trust these apps because we trust whoever made the app store, but not all apps are innocent. While some apps are indeed malicious, some are just vulnerable, putting corporate and personal information at risk. Some risks include:
- Permissions and data access controls that go against company compliance requirements
- Known Common Vulnerabilities and Exposures (CVEs)
- Zero-day vulnerabilities
While the “simplest” way to prevent this would be preventing users from downloading any apps, this isn’t tenable — you likely have work apps you need to do your job and organization’s can’t always prevent users from downloading unapproved apps. So what can IT do to protect company resources?
Restricting app network access with Jamf Protect
As of August 22, there’s a new section in RADAR called App blocking. This feature leverages Apple’s on-device content filter (ODCF) to block traffic from risky apps. The ODCF identifies apps based on their unique bundle ID instead of user agents, the latter of which can be inaccurate or inconsistently implemented. While users are able to download an unapproved app to their device, by blocking it in App blocking, the app will not have network access.
To use App blocking in RADAR:
- Go to Policies | Security | App blocking.
- Enter one or more comma-separated bundle IDs (you can find an app’s bundle ID with bundle ID finder tools online).
- Select Add app blocks
- The bundle IDs are added to your app blocklist — note that blocked app traffic is reported with hostnames instead of bundle IDs, so you may see multiple hostnames associated with the blocked bundle ID.
This feature is only available on supervised devices with iOS or iPad OS 16 or later that have on-device content filtering enabled.
Try Jamf Protect's app traffic blocking feature.
Have market trends, Apple updates and Jamf news delivered directly to your inbox.