How does MDM in iOS really work?

I’m going to attend an MDM project in iOS (client side) but after searching, I still don’t know how MDM really works. Can anyone explain something for me?

Problem:

  • My server needs to control the list of applications that are installed on devices (install and remove apps).

    Expected Solution:

    • There needs to be an app installed on devices that plays the role of client (MY APP).
    • When needed, the server will push a notification to the client via the Apple push notification server.
    • After receiving the notification, the client app will connect to the server to get the server's command (e.g. installing app A).
    • After getting the command, MY APP automatically downloads A and installs it.

    My question: Is that the way MDM works?

    • If yes, how can MY APP install another app when it has no right to do so (due to the sandbox), and can the server configure the access rights for an app on devices? If possible, can anyone give me an example of code for the MDM client side to clear things up?

    • If no, it means that the server will be the one that installs app A on the device (instead of MY APP). In that case, how can the server do that?

    2 Solutions Collected From the Internet About “How does MDM in iOS really work?”

    iOS MDM is a clientless protocol. So, you develop a server, but you don’t develop a client application for it. Actually, there is a client app, but it’s developed by Apple and built into the operating system.

    So, your server will send a command, and the built-in MDM client will receive and execute it.

    Generally speaking, if you want to develop an MDM server, you need to register for the Enterprise Developer Program and get the MDM documentation.

    There is some reverse engineered documentation here: http://media.blackhat.com/bh-us-11/Schuetz/BH_US_11_Schuetz_InsideAppleMDM_WP.pdf

    And the iOS MDM protocol supports Install/Remove application commands.
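The server side of the exchange described in this answer, as an added example that is not part of the original answer or any vendor's code: after the APNs wake-up, the built-in client polls the server with a plist, and the server replies with the next queued command until it answers with an empty body. The `RequestType` and `Status` values follow the MDM protocol; the class name, UDID, store ID and bundle identifier are constructed, and device authentication with the identity certificate is left out.

```python
import plistlib
import uuid
from collections import defaultdict, deque

class CommandQueue:
    """Server-side queue of MDM commands, one queue per device UDID."""
    def __init__(self):
        self.pending = defaultdict(deque)  # UDID -> commands not yet delivered
        self.in_flight = {}                # CommandUUID -> (UDID, command plist dict)
        self.results = {}                  # CommandUUID -> Status reported by the device

    def enqueue(self, udid, request_type, **params):
        cmd = {"CommandUUID": str(uuid.uuid4()),
               "Command": {"RequestType": request_type, **params}}
        self.pending[udid].append(cmd)
        return cmd["CommandUUID"]

    def handle(self, body: bytes) -> bytes:
        """Take one plist sent by the built-in client, return the reply body."""
        msg = plistlib.loads(body)
        udid, status = msg["UDID"], msg["Status"]
        if status != "Idle":               # a report on a command sent earlier
            sent = self.in_flight.get(msg.get("CommandUUID"))
            if sent is None or sent[0] != udid:
                return b""                 # unknown command or wrong device: drop it
            del self.in_flight[msg["CommandUUID"]]
            if status == "NotNow":         # device busy or locked: retry on a later poll
                self.pending[udid].append(sent[1])
                return b""
            self.results[msg["CommandUUID"]] = status
        if not self.pending[udid]:
            return b""                     # empty reply: nothing queued, device disconnects
        cmd = self.pending[udid].popleft()
        self.in_flight[cmd["CommandUUID"]] = (udid, cmd)
        return plistlib.dumps(cmd)

def demo():
    """Simulate one device polling after an APNs wake-up (all values constructed)."""
    udid = "CONSTRUCTED-UDID-0001"
    q = CommandQueue()
    install = q.enqueue(udid, "InstallApplication", iTunesStoreID=123456789)
    remove = q.enqueue(udid, "RemoveApplication", Identifier="com.example.oldapp")
    sent = []
    report = {"UDID": udid, "Status": "Idle"}
    while reply := q.handle(plistlib.dumps(report)):
        cmd = plistlib.loads(reply)
        sent.append(cmd["Command"]["RequestType"])
        report = {"UDID": udid, "Status": "Acknowledged", "CommandUUID": cmd["CommandUUID"]}
    return sent, q.results[install], q.results[remove]
```

The install and removal are carried out by the operating system's MDM client on receipt of these plists, so no third-party app on the device needs rights outside its sandbox.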

    MDM means Mobile Device Management. This is the same concept that many corporations have been using for desktops and laptops. They install some software on PCs that allows them to monitor activities on those PCs. In the same way, in MDM they install applications on your mobile device that allow them to monitor activities on mobile devices.

    You can refer to some MDM providers to get a better idea, e.g. http://www.air-watch.com/