On-device Content Filtering: Privacy-friendly and Powerful | JNUC 2023

Discover how Jamf's innovative on-device content filtering solution offers powerful web protection while ensuring user privacy for iOS and iPadOS devices.

amf's "On-device Content Filtering: Powerful and Privacy-friendly" session at JNUC presented an innovative solution for enhancing security without compromising privacy. Hernán Romero, the Product Manager at Jamf, showcased this new on-device content filtering feature, specifically designed for iOS and iPadOS. This technology significantly shifts web-protection policy evaluation from the cloud to the device itself, utilizing Apple's network APIs and the enhanced capabilities of modern iPhones and iPads.

This on-device approach employs an Apple network extension to directly analyze device traffic. Its deep integration with Apple’s architecture allows for more extensive filtering capabilities beyond traditional domain-based rules. Key features include advanced URL evaluation, IP address blocking, Bundle ID-based traffic filtering, and comprehensive keyword blocking in URLs and HTML bodies. This method ensures a faster, lower latency user experience and prevents bypassing via personal VPNs.

Prioritizing privacy, the solution operates within a semi-sandboxed network extension environment, ensuring that all sensitive user data is securely handled and stripped of personal information before reporting. This design provides robust security while maintaining user privacy.

The on-device content filtering solution caters to various user groups, including students, parents, teachers, high-compliance environments, and admins, offering a comprehensive tool that aligns with Apple's principles. The session also included a detailed demonstration of the setup, deployment, and practical application, along with a Q&A segment, making it an informative resource for all users seeking enhanced web security with privacy considerations.