Apple iOS Inspectors

This page has not been liked. Updated 5/6/13 5:01 PM by MattHauckTags:

General

General identifying inspectors that distinguish this device from others.

 

Key Phrase Return Type Description
device id <string> Unique identifier for this device from the perspective of TEM
data source <string> "Apple MDM"
device type <string> "Mobile"
computer name <string> If the user has submitted an email id via the Mobile Client app, then this will appear as "[user]'s [model name]", e.g. "mhauck's iPhone". Otherwise, it will use the iTunes name of the device. Otherwise, it will default to the serial number.

 

Operating System

Key Phrase Return Type Description
operating system <operating system> Creation method for <operating system>
name of <operating system> <string> "Apple iOS"
version of <operating system> <version> Version of iOS for this device, e.g. "5.0"
android of <operating system> <boolean> False on iOS
ios of <operating system> <boolean> True on iOS, False for other operating systems
blackberry of <operating system> <boolean> False on iOS
webos of <operating system> <boolean> False on iOS
symbian of <operating system> <boolean> False on iOS
windows phone of <operating system> <boolean> False on iOS

 

System Folder

Key Phrase Return Type Description
system folder <folder> Creation method for <folder>
drive of <folder> <drive> Creation method for <drive>
free space of <drive> <integer> Number of bytes free on this drive
total space of <drive> <integer> Total size in bytes on this drive

 

Users

Key Phrase Return Type Description
current user <logged on user> Creation method for <logged on user>
logged on users plural <logged on user> Creation method for <logged on user>
name of <logged on user> <string> If the user has entered an email id upon enrollment, that will be used to determine this value, otherwise it will not exist.
authenticated id of <logged on user> <string> The id of the user this device is authenticated against. In the case of LDAP/AD this is the distinguished name. This property is only set if the device is indeed authenticated.

 

Device

Key Phrase Return Type Description
device <device> Creation method for <device>
name of <device> <string> The name assigned to this device by the user, e.g. "John Smith's iPad"
phone number of <device> <string> Phone number as a string with no dashes or spaces, e.g. "5105551234"
model number of <device> <string> The model number of the device, e.g "MD276LL"
model name of <device> <string> The model name of the device, e.g. "iPhone"
product name of <device> <string> The more specific model name of the device, e.g. "iPhone4,1" is the product name for iPhone 4S
serial number of <device> <string> The serial number of the device, e.g. "D97YGQ12CQK7"
bluetooth mac address of <device> <string>  
wifi mac address of <device> <string>  
build version of <device> <string> The build number of the iOS version on the device, e.g. "9B179"
iccid of <device> <string> Installed SIM card's unique serial number (Integrated Circuit Card Identifier)
udid of <device> <string> Unique Device Identifier for this iOS device
hardware encryption capabilities of <device> <integer> This is a bit field value. A value of 1 means block-level encryption is enabled. A value of 2 means file-level encryption is enabled. A value of 3 means both are enabled.
jailbroken flag of <device> <boolean> True if the device is jailbroken, false if not. This property is dependent on the IBM Mobile Client iOS app.

 

Cellular Info

Key Phrase Return Type Description
cellular info <cellular info> Creation method for <cellular info>
imei of <cellular info> <string> Unique identifier for this device (GSM networks)
meid of <cellular info> <string> Unique identifier for this device (CMDA networks)
current carrier network of <cellular info> <string> The name of the current carrier network
sim carrier network of <cellular info> <string> The name of the home carrier network (including CDMA networks)
data roaming enabled of <cellular info> <boolean> The value of the data roaming setting
voice roaming enabled of <cellular info> <boolean> The value of the voice roaming setting.
modem firmware version of <cellular info> <string> e.g. "2.0.10"
subscriber mcc of <cellular info> <string> Home Mobile Country Code (e.g. "310")
subscriber mnc of <cellular info> <string> Home Mobile Network Code (e.g. "VZW")
current mcc of <cellular info> <string> Current Mobile Country Code
current mnc of <cellular info> <string> Current Mobile Network Code
carrier settings version of <cellular info> <version> e.g. "12.0"
cellular technology of <cellular info> <integer> A value of 0 means "none". A value of 1 means GSM, and a value of 2 means "CDMA".

 

Proxy Agent Plugin

Key Phrase Return Type Description
proxy agent plugin <proxy agent plugin> Creation method for <proxy agent plugin>
last report time of <proxy agent plugin> <time> The last time a device report was generated for this device
version of <proxy agent plugin> <string> The version of this proxy agent plugin

 

MDM Server

These properties represent and describe the IBM Endpoint Manager iOS Server that facilitates MDM (Mobile Device Management) functionality, communicating both with iOS devices as well as with the TEM infrastructure.

Key Phrase Return Type Description
mdm server <mdm server> Creation method for <mdm server>
url of <mdm server> <string> URL of the MDM server this device is enrolled to, e.g. "https://mdm.yourcompany.com"
version of <mdm server> <version> Version of the IBM Endpoint Manager iOS Server, e.g. "8.2.10257"
email id of <mdm server> <string> The email address entered by the user upon enrollment to this server
personal device flag of <mdm server> <boolean> The value indicated by the user whether this device is a personal device or belongs to the organization, upon enrollment to this server
enrolled flag of <mdm server> <boolean> Whether or not the device is enrolled in management
authenticated flag of <mdm server> <boolean> Whether or not the device has been authenticated
enrollment mode of <mdm server> <string> The mode under which this device enrolled ("basic", "password", or "pin")
current client contract of <mdm server> <integer> The contract number this device is using to communicate with the MDM server. If the contract number is too low or too high for the server, then they will not be able to communicate
max server contract of <mdm server> <integer> The currently highest supported contract by the server
enrollment time of <mdm server> <time> The time the device enrolled under management
authentication time of <mdm server> <time> The time the device's enrollment was authenticated
last app report time of <mdm server> <time> The last time the Mobile Client app reported in a jailbreak / location status update

 

Server Communication

Key Phrase Return Type Description
last server communication <server communication> Creation method for <server communication>
time of <server communication> <time> Time object representing the last time the device reported to the server, and thus the last time all properties reportable by relevance were refreshed on the server

 

Security Policy

The security policy represents the effective security restrictions on the device resulting from all installed configuration profiles. Note that many of these properties are phrased negatively as "disallow [policy]" and not positively as "allow [policy]". This is because the device only reports a value if it is restricted, and does not report if it is not restricted. Thus, it is more accurate to phrase them negatively. For such boolean values that are not reported by the device, the property will return false, it is not disallowed. For other policy values that are not set on the device, the property will not exist (e.g. `NOT exists minutes to auto lock of security policy` would be true on a device that is not configured to auto lock).



For more information about these values, please reference the iPhone Configuration Utility.

 

Key Phrase Return Type Description
security policy <security policy> Creation method for <security policy>
overall compliant of <security policy> <boolean> True if the user's password is compliant with the overall policy on the device, including those set by Exchange and other such accounts on the device.
password compliant with profiles of <security policy> <boolean> True if the user's password is compliant with the configuration profiles set on the device, ignoring policies from accounts such as Exchange.
password enabled of <security policy> <boolean> True if the user currently has a password set on the device
password required of <security policy> <boolean> True if policy requires the user to set a password
password alphanumeric of <security policy> <boolean> True if policy requires an alphanumeric password (and not simply a numeric one)
password max failed attempts of <security policy> <integer> The maximum number of failed attempts to login before all data on the device is wiped
minutes to auto lock of <security policy> <integer> The device automatically locks after this number of minutes elapses.
allow simple password of <security policy> <boolean> Allows the use of repeating, ascending, and descending values
password min length of <security policy> <integer> Minimum length of password allowed
password history of <security policy> <integer> The number of unique passwords a user must set before reuse
password min complex characters of <security policy> <integer> Minimum number of non-alphanumeric characters required
allow camera of <security policy> <boolean> True if the use of camera is allowed. (Note: This is the only "allow" property because this property is available on other mobile platforms as well)
force encrypted backup of <security policy> <boolean> Force encryption on all iTunes backups
lock grace period of <security policy> <integer> Amount of time the device back be locked before prompting for password on unlock
max password age of <security policy> <integer> Number of days after which the password must be changed
force itunes store password of <security policy> <boolean> Force user to enter iTunes password for all purchases
disallowed items of <security policy> plural <string> A plural string containing a list of items that have been disallowed
disallow camera of <security policy> <boolean> If true, camera is disallowed
disallow installing apps of <security policy> <boolean> If true, Apple App Store is disallowed
disallow removing apps of <security policy> <boolean> If true, removing installed applications is disallowed
disallow facetime of <security policy> <boolean> If true, user cannot receive or place Facetime calls
disallow imessage of <security policy> <boolean> If true, iMessage is disabled
disallow screen capture of <security policy> <boolean> If true, screen capture is disallowed
disallow automatic sync while roaming of <security policy> <boolean> If true, automatic sync will not take place when device is roaming
disallow voice dialing of <security policy> <boolean> If true, user cannot use voice commands to dial
disallow in app purchase of <security policy> <boolean> If true, user cannot make in-app purchases
disallow multiplayer gaming of <security policy> <boolean> If true, user cannot play multi-player games in Game Center
disallow adding game center friends of <security policy> <boolean> If true, user cannot add friends in Game Center
disallow youtube of <security policy> <boolean> If true, Youtube is disallowed
disallow itunes of <security policy> <boolean> If true, iTunes is disallowed
disallow safari of <security policy> <boolean> If true, Safari is disallowed
disallow siri of <security policy> <boolean> If true, Siri is disallowed
force siri profanity filter of <security policy> <boolean> If true, Siri profanity filter is enforced
disallow icloud backup of <security policy> <boolean> If true, backup to iCloud is disallowed
disallow icloud document sync of <security policy> <boolean> If true, sync of documents in iCloud is disallowed
disallow photo stream of <security policy> <boolean> If true, Photo Stream is disallowed
disallow diagnostic submission of <security policy> <boolean> If true, iOS diagnostic information cannot be sent to apple
disallow untrusted tls certificates of <security policy> <boolean> If true, user will not be prompted to accept untrusted TLS certificates; they will all be unaccepted. This applies to Mail, Contacts, Calendar and Safari.
safari disable autofill of <security policy> <boolean> If true, Safari will not remember and autofill form data
safari force fraud warning of <security policy> <boolean> If true, Safari will warn the user about websites that appear to be fraudulent
safari disable javascript of <security policy> <boolean> If true, Safari will ignore all javascript
safari block popups of <security policy> <boolean> If true, Safari will block all popups
safari accept cookies of <security policy> <string> Safari's cookie policy, either "Never", "From Visited Sites", or "Always"
allowed movie rating of <security policy> <string> A number representing the allowed movie rating
allowed tv show rating of <security policy> <string> A number representing the allowed tv rating
allowed app rating of <security policy> <string> A number representing the allowed app rating
disallow explicit music of <security policy> <boolean> If true, explicit music and video are hidden in the iTunes store

 

Configuration Profile and Configuration Profile Payload ==

Configuration profiles enforce security policy or provide configuration enhancement to the iOS device. Following is some meta-information that may be inspected about installed configuration profiles:

Key Phrase Return Type Description
configuration profiles plural <configuration profile> Creation method for <configuration profile>
display name of <configuration profile> <string>  
description of <configuration profile> <string>  
identifier of <configuration profile> <string> Unique identifier of profile (e.g. com.company.restrictions)
organization of <configuration profile> <string>  
version of <configuration profile> <integer>  
has removal passcode of <configuration profile> <boolean> If true, the user must enter a password before this configuration profile may be removed
encrypted flag of <configuration profile> <boolean> If true, the configuration profile was encrypted upon install
removal disallowed of <configuration profile> <boolean> If true, the user is not allowed to remove this profile at all
uuid of <configuration profile> <string> Unique internal identifier of profile
signer certificates of <configuration profile> plural <string> Certificates used to sign this profile
payloads of <configuration profile> plural <configuration profile payload>

Creation method for <configuration profile payload>.

One configuration profile may have multiple payloads attached to it, whose properties are similar to that of the <configuration profile> itself.

description of <configuration profile payload> <string>  
display name of <configuration profile payload> <string>  
identifier of <configuration profile payload> <string>  
organization of <configuration profile payload> <string>  
type of <configuration profile payload> <string>  
version of <configuration profile payload> <integer>  

 

Provisioning Profile

A provisioning profile allows a device to install an iOS app signed for ad-hoc distribution, i.e. enterprise apps not distributed on the App Store.

Key Phrase Return Type Description
provisioning profiles plural <provisioning profile> Creation method for <provisioning profile>
expiration time of <provisioning profile> <time> The expiration time of the provisioning profile
name of <provisioning profile> <string> Name of provisioning profile
uuid of <provisioning profile> <string> Unique identifier of provisioning profile

 

Certificate

Certificate represents an installed / trusted certificate on the iOS device.

Key Phrase Return Type Description
installed certificates plural <certificate> Creation method for <certificate>
common name of <certificate> <string> Common name of the certificate
data of <certificate> <string> The content of the certificate in DER-encoded X.509 format
identity flag of <certificate> <boolean> True if this is an identity certificate
expiration time of <certificate> <time> The time at which the certificate expires (corresponds to "not_after" property)
effective time of <certificate> <time> The time at which the certificate becomes effective (corresponds to "not_before" property)
issuer of <certificate> <string> The issuer distinguished name
subject of <certificate> <string> The subject distinguished name
serial of <certificate> <string> The serial number of the certificate
public key of <certificate> <string> The PEM encoded string containing this certificate's public key
extensions of <certificate> plural <certificate extension> Creation method for <certificate extension>

 

Certificate Extension

A certificate extension represents a specific kind of metadata Certificates.

Key Phrase Return Type Description
extensions of <certificate> plural <certificate extension>

Creation method for <certificate extension>

Enumerates all extensions contained in this certificate.

name of <certificate extension> <string> The name of this extension (e.g. "keyUsage", "basicConstraints")
value of <certificate extension> <string> The value of this extension (e.g. "Digital Signature", "CA:TRUE")
critical flag of <certificate extension> <boolean> Whether this extension is marked as critical or not

 

App

App represents an installed application on the iOS device.

Key Phrase Return Type Description
installed applications plural <app> Creation method for <app>
bundle size of <app> <integer> The size of the application itself
data size of <app> <integer> The size of "Documents & Data" that belong to the app
identifier of <app> <string> The bundle identifier of the app (e.g. com.ibm.tivoli.mobileclient)
name of <app> <string> The name of the app (e.g. "Mobile Client")
version of <app> <version> The version of the app
short version of <app> <integer> The short version of the app
managed flag of <app> <boolean> True if this app is a "managed app" (for which see below)
management status of <app> <string> The current management status of the app (see below)
management flags of <app> <integer> The management flags of the app (see below)

 

Managed Application

On iOS 5, applications may be installed via an MDM (Mobile Device Management) server as a "managed application". This facilitates removing applications upon un-enrollment from MDM management, not allowing data from such apps to be backed up to iTunes or iCloud, as well as installing paid App Store apps via VPP without any cost to the end user.

Note: A "managed application" is not necessarily an "installed application". An application which was once installed as a managed app and then uninstalled should still be reported as a managed app. So, careful attention should be paid to the management status of an application.

Key Phrase Return Type Description
managed applications plural <managed application> Creation method for <managed application>
identifier of <managed application> <string> Bundle identifier of app
management flags of <managed application> <integer>

Bit field.

1 - The app will be removed when the MDM profile is removed

4 - The app's data will not be backed up to iTunes/iCloud

5 - Both of these apply

status of <managed application> <string> A string representing the current status of this app. Some examples: Managed, ManagedButUninstalled, Installing, etc.
redemption code of <managed application> <redemption code> The VPP redemption code applied to install this paid app on this device.

 

Redemption Code

As mentioned above, managed applications allow the install of paid App Store apps via VPP (Volume Purchase Program). These inspectors may be used to report on which codes have been used by a given device.

Key Phrase Return Type Description
redemption codes plural <redemption code>

Creation method for <redemption code>.

Enumerates all VPP redemption codes used by this device.

code of <redemption code> <string> The actual redemption code string, e.g. "ZFJ1230FJD"
used time of <redemption code> <time> The time at which this code was used by this device
app identifier of <redemption code> <string> The app bundle identifier that this code applies to

 

Recommended Application

Recommended applications are the applications that appear within the IBM Mobile Client app, which may be used to distribute enterprise apps, provide access to VPP App Store apps, or even just to recommend an App Store app for install. These apps are recommended via the "Recommended Apps" dashboard within the Mobile Device Management site within the TEM Console.

Key Phrase Return Type Description
recommended applications plural <recommended application> Creation method for <recommended application>
name of <recommended application> <string> Display name of the app
identifier of <recommended application> <string> Bundle identifier of the app
version of <recommended application> <version> Version of the app
categories of <recommended application> plural <string> Categories this app is assigned to
description of <recommended application> <string> Description string that appears within Mobile Client app
publisher of <recommended application> <string> Publisher of the app
url of <recommended application> <string> URL of the hosted enterprise app. (This does not apply to App Store apps)
sha1 of <recommended application> <string> SHA1 digest of the hosted enterprise app. (This does not apply to App Store apps)
size of <recommended application> <integer> Size of the hosted enterprise app. (This does not apply to App Store apps)
hosted flag of <recommended application> <boolean> True if this is a hosted enterprise app, False if it is an App Store app
ready flag of <recommended application> <boolean> True if this app is downloaded to the MDM Server and available for end users to download, false if it has not yet been downloaded to the MDM Server.

 

Correlation Keys

Correlation keys are unique identifying information about a device that can be used to correlation devices that gather different information from different sources (i.e. an Apple iOS device also reporting as a different entity via the Exchange proxy plugin).

 

Key Phrase Return Type Description
correlation keys plural <correlation key> Creation method for <correlation key>
name of <correlation key> <string> Name of the correlation key (e.g. "Serial Number")
value of <correlation key> <string> Value of the correlation key (e.g. "D97YGQ12CQK7")

 

Enrollment Answers

Enrollment answers represent the end-user's answers to the questions that were asked upon enrollment. These inspectors will only be available if your iOS extender is configured with custom enrollment questions at the time of the device enrolling in management.

 

Key Phrase Return Type Description
enrollment answers plural <enrollment answer>

Creation method for <enrollment answer>

Enumerates all enrollment answers

enrollment answer "<string>" <enrollment answer>

Creation method for <enrollment answer>

Allows for specifying a specific answer rather than enumerating through all the answers. (e.g. `enrollment answer "department"`)

id of <enrollment answer> <string> ID of the enrollment question this answer belongs to as specified in the custom enrollment questions dashboard. (i.e. "department")
value of <enrollment answer> <string>

Value of the enrollment answer (i.e. "Development")

 

GPS

Information about Location Services. These inspectors are only available when users have the IBM Mobile Client app version 8.2.20001 or newer.

Key Phrase Return Type Description
gps <gps> Creation method for <gps>
supported of <gps> <boolean> Returns true if location services is supported by this device. (Always returns true; this is included for parity with Android inspectors)
enabled of <gps> <boolean> Whether the user has enabled Location Services or not
allowed of <gps> <boolean> Whether the user has allowed the app to track location or not.
latitude of <gps> <floating point> Current latitude
longitude of <gps> <floating point> Current longitude
sample time of <gps> <time> Time at which readings were last measured