With the iPhone rapidly becoming an accepted business phone for many companies, I’ve been interested to read about the changes that the forthcoming iPhone 4 and iOS 4 will bring.
To be honest there isn’t a huge amount of info out there, but the info that is available is quite positive. There’s a page on apple.com with some basic details. The main areas that Apple seem to be addressing are security and management, both of which have been question marks in the past. Specifically they talk about:
Data Protection
Security enhancements in iPhone OS 4 protect email messages and attachments stored on iPhone 3GS by using the device passcode as an encryption key. New data protection APIs can be used for custom and commercial apps so that business-critical information is protected even if a device is compromised.
This is good news, but I still think Apple need to be clearer about exactly what sort of encryption is used etc. The 3GSs are meant to be encrypted, but there are pretty strong indications that this isn’t quite as strong as you would hope [1, 2, 3]. If Apple can get this right it’ll open a lot of doors for them in business, as they’re still some way behind RIM’s BlackBerry and Microsoft’s Windows Phone platforms. Both of these offer significantly more control over encryption, and in combination with device management tools can both be configured to accredited security levels (up to ‘RESTRICTED’ I believe).
Mobile Device Management
Deploying and managing large iPhone fleets will be even easier with iPhone OS 4. New Mobile Device Management APIs can be integrated with third-party solutions to wirelessly configure and update settings, monitor compliance with corporate policies, and even wipe or lock managed iPhone devices.
To their credit Apple have supported a level of device management for a while through their implementation of Microsoft’s ActiveSync. This at least allows basic policy enforcement on devices connecting in through Exchange. By providing more complete APIs into a management interface, however, hopefully iPhones will begin to support a much wider range of management features. The obvious gaps currently are around password/PIN policies, encryption and granular control of features and functionality. There are a number of products in the market to manage mobile devices [1, 2, 3], so hopefully we’ll see these begin to support the iPhone as well.
Wireless App Distribution
iPhone OS 4 enables enterprises to securely host and wirelessly distribute in-house apps to employees over Wi-Fi and 3G. Apps can be updated without requiring users to connect to their computers.
This has the potential to unlock the iPhone/iPad to a new group of developers. Previously it’s been quite tricky to develop in-house Line of Business applications, and critically, to distribute them out to a fleet of devices. The ability to deploy in-house apps over the air will make this much more attractive to organisations.
SSL VPN Support
SSL VPN support in iPhone OS 4 gives users another way to securely access enterprise resources. These new protocols can even be leveraged to connect seamlessly to a corporate network via VPN on Demand. Forthcoming apps from Juniper and Cisco will support SSL VPN on iPhone.
VPN support is obviously a nice thing to have, but I’d be interested to hear how often this is used. In a world where you’re developing and using internal applications it’ll be a very useful tool if those aren’t published to the internet, but for basic email etc. the existing ActiveSync connection generally offers enough transport security. I guess web access policies could also influence the use of VPNs if you wanted to force your users through a company proxy server of some sort.
Improved Mail
iPhone OS 4 allows users to set up multiple Exchange ActiveSync accounts and now works with Exchange Server 2010. With the new unified inbox feature, users can see messages from all their email accounts conveniently displayed in a single inbox, or they can quickly switch between inboxes to see messages from any single account. If users receive an attachment that they want to save or edit, Mail now lets you open attachments with compatible apps from the App Store.
Again, I think the mail changes are more ‘nice to haves’ than significant improvements to the business features, though the unified inbox is very well implemented when you see it in use. With the support for multiple ActiveSync accounts, it will be interesting to see how they have implemented the policy management. If you have two ActiveSync connections, each with different policy enforcement settings, which one wins? Is it whichever is more secure? If so, who decided what the more secure value is? I also wonder if this could potentially allow information to leak from one system to another. If mail is synced from one company onto the iPhone, could it then potentially be synced back down to a separate mailbox with the iPhone acting as a hub? I can see how that might be useful for personal contacts, but for potentially sensitive emails etc., it could be a problem.
Now that iPhone 4.0 has been released, I tested all the ActiveSync policies to see which ones worked. Here’s a summary: http://www.sysadminlab.net/activesync/iphone-os-4-and-exchange-activesync-policies-what-really-works