Codeproof for iOS
by Berislav Kucan - Thursday, 2 May 2013.
Codeproof Technologies is a SaaS (Software-as-a-Service) provider from Redmond that offers a mobile device management (MDM) solution for Android and iOS devices.

This review focuses on the company's cloud solution for managing Apple's iPhone devices. Codeproof is available as a free version with some limitations, or you can buy a monthly ($2.99) or a yearly ($29.99) subscription. The version I tested is 1.020213.

Before installing the software on my iPhone I checked the developer's website to see the difference between the free and the premium pricing plans. According to it, the only difference is that the premium plan offers priority customer support.

If you are logged into Codeproof.com, the "Pricing" link will forward you directly to your dashboard. You can upgrade to premium from there, but you'll still not be told what that option entails. The only workaround is to log out of your account, go to the homepage, click pricing plans, click "Buy," and after all of these clicks you'll get the list of premium features. Talk about web usability...

Mobile device management

The Codeproof app can be downloaded from the iTunes app store and it is basically used for setting up the link between your device and the cloud-based management application. You start with setting up your new account and installing two mobile device management profiles. There are a few usability issues in these initial steps that should be fixed:

a) In case someone calls you or you minimize the app when filling in one of the last input fields in the "Create Codeproof account" screen, coming back to this step will show you just half of the form and you will need to tap "Back" and start filling in the details from scratch.


b) After you install the MDM profile, tapping the "Done" button will bring you back to the "MDM Setup" screen in the browser where you will most likely click the large Continue button, which will start the profile installation process once again. Hitting the "Done" button should forward the user to a page saying something like "Your installation is complete, please go to Codeproof.com to start managing your device".


From now on you will not need the iPhone application any more, as the profile was installed (user perspective) and you can carry on with a browser to access the cloud application (administrator perspective). Do keep in mind that for the web interface you'll need to install Microsoft Silverlight. This application framework was released back in 2007 and I must say that this is the first time I needed to install it to run something online.

Before getting to the cloud user interface, you'll need to pass two username/password forms - the first one gets you into your Codeproof.com account and the second input of the same user credentials is needed to land you on the Device Dashboard screen. The initial screen is a quick overview of your device(s) where the user gets alerted if there are some security issues with the iPhone. Green is good, red is bad - you'll get informed in case there is a malicious application active on your device, as well as if it is jailbroken. A jailbreak gets you into the red zone, as this could cause further security problems.

Mobile Policy Manager

Mobile Policy Manager is the core of Codeproof's functionality. This is where you enforce customizations as well as limitations to any iOS (or Android) device that is associated with your account. It contains 6 tabs, each of them focusing on a subset of policies.


Device Properties: The initial screen that will list all the installed applications, running processes and policies that you have enabled on the specific device.

iOS Group Policy: The tab in which you can decide on what can and what cannot be done on the device - for instance, you can block the camera, FaceTime, screen captures, multiplayer gaming, voice dialling etc. There are specific policies aimed towards applications such as Safari and YouTube. For Safari you can override any settings done locally, and YouTube you can just block. Every one of the tested blocked policy items worked, but I couldn't make it block YouTube at all.

The administrator can set up specific policies related to iCloud, passwords, as well as work on media and content restrictions by enforcing limitations based on ratings (from G to NC-17). When doing modifications to any of the policies, the device will show the changes in just a couple of seconds.

iOS Configurations: There are three modules you can set up here - Exchange, WiFi and VPN. With WiFi you can predefine the WLAN access point the iPhone must use, as well as set up the user's credentials. Virtual Private Network details can be set up in the VPN module and if you are running a Codeproof plugin on Microsoft Exchange, you'll get some interesting customization options for that as well. Note to Codeproof: please fix the typing errors - there are two mispronunciations of it just on the top of the Exchange column.


Agent Policy: Nothing special here, the administrator can set up the number of seconds between "heartbeats" from the device to the cloud app.

Command Center: Besides setting up the policies to be enforced, the administrator can be proactive with sending a specific set of commands to the remote device. There are five predefined commands - screen lock, data wipe, send scream, send message and install application. The application holds a log of your commands, but it's too bad you can't "replay" any of them.



The administrator can push an app install link to any application by specifying its AppStore ID or a manifest file.



Locate Me: Classic locating function that in this case uses Bing Maps instead of the "standard" Google Maps. There is an inherent "BadRequest" error on the pin that specifies your location, but other than that it works as expected.


As an admin, you'll see some additional tabs in the interface - App Store and Secure Sync - but these are just available in the premium version. One final thing an administrator can do with Codeproof is to generate reports based on the devices, their policies and usage. Codeproof developers should focus on this part of their cloud offering as it contains a number of bugs:

Silverlight error when you select a larger number of properties the report should focus on:


Unreadable PDF export where data is listed in a long horizontal line, rather than being presented vertically:


Device Asset Report is also not readable:


According to the homepage, Codeproof is currently securing 39,000 devices worldwide. I hope they will fix the bugs I came across, as this is a quality service that provides great functions for a fraction of the cost that some other MDM providers charge.


