I’ve learned that it’s possible to inject new configuration to MDM managed application using MDM so that the managed app configuration changes that are pushed down from an MDM server appear in NSUSerDefaults.
Then I can add an observer to be notified of any changes occurs in NSUserDefaults.
The app configuration will be stored in the following key:com.apple.configuration.managed
A usage example can be look like this :
if let managedConf = UserDefaults.standard.object(forKey: "com.apple.configuration.managed") as? [String:Any?] {
if let serverURL = managedConf["serverURL"] as? String{
return serverURL
}
}
However, what prevent another entity from modifying the configuration outside the MDM… as I understand NSUserDefaults are writable even from terminal so there’s no limitation to just push new configuration which are unauthorized.
an example of changing configuration can be:
managedConf["serverURL"] = "BAD_SERVER_NAME"
let defaults = UserDefaults.standard
defaults.set(managedConf, forKey: "com.apple.configuration.managed")
Perhaps it’s only possible for writing the application’s userDefault from within the application ?
