NEFilterControlProvider and NEFilterDataProvider only available for supervised devices
| Originator: | KrauseFx | ||
| Number: | rdar://37878136 | Date Originated: | February 25 2018 |
| Status: | Open | Resolved: | |
| Product: | Product Version: | ||
| Classification: | Reproducible: |
Area: Network Extensions Framework Summary: NEFilterControlProvider and NEFilterDataProvider only available for supervised devices and local development builds. This API is genuinely useful for mobile developers, and they shouldn't be limited to just supervised devices. For example: there have been lots of iOS apps that promise to show more detailed data usage graphs. After installing the app, they'd install a VPN service on your phone, without really communicating that to the user, causing all network traffic to be routed through a (potentially dangerous) third party VPN provider. By removing the supervised device limitation for the NEFilterControlProvider and NEFilterDataProvider classes, developers would be able to build those kinds of apps, without putting the end-user at risk for potential data theft and general hijacking of web requests. Some example use cases: - Show detailed data usage per host of your whole phone - Block certain web hosts for your whole iPhone, to protect the user's privacy by blocking certain analytics services - Build an app that shows what hosts have been contacted, and offer a way to block some of them, to avoid "data leaks" to certain companies Version/Build: Xcode 9.2 Configuration:
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
This was mentioned in the WWDC session 2015 "What's New in Network Extension and VPN": > And you have the ability to send back a customizable block page to the user when they try to access something that they are not allowed to access. > Now, NEFilter provider only works on supervised devices. > We are targeting this at schools, schools that own their devices, are locking them down so that users can't install new apps or change settings.