Declarative Device Management is buggy

Hello everyone,

I was trying out Declarative Device Management on my iOS 16 device to get a feeling of how it works. While trying out the new protocol i managed to find some bugs in the behavior of Declarative Device Management.

  1. When subscribing to the "passcode.is-compliant" state the device initially sends the state "passcode.is-compliant==false" but will never (even after hours) send "passcode.is-compliant== true", even when the device is definately complying to a complex passcode policy and even when no passcode policy is present. This state also didn't work as a predicate for an activation in the form of "(@state(passcode.is-compliant) == TRUE)". The referenced configuration was never activated even after the device definately complied with the installed passcode policy.

  2. When subscribing to the "passcode.is-present" state the device will initially send the correct state but then never update the state even when clearing the passcode and re entering it again multiple times and even after waiting for 10 minutes.

  3. When using an activation with predicate "(@state(passcode.is-present) == TRUE)" the device will correctly install the referenced configuration but after removing the passcode it will not remove the configuration even though it should

  4. After reenrolling the device and reactivating Declarative Device Management the device reported the state "passcode.is-present==true" even though the device didn't have a passcode present.

Can anyone else confirm this behavior?

Thanks and have a nice day

Please test this with iOS 16.1. If it is still a problem, please file a bug report with a sysdiagnose.

Thanks for your reply.

With iOS 16.1 the device is now correctly updating its' "passcode.is-compliant" and "passcode.is-present" states but it seems that it still won't reevaluate the corresponding activations. (I waited for ~5 hours for the device to reevaluate the activation)

If the device doesn't reevaluate the "passcode.is-compliant" / "passcode.is-present" activations until tomorrow then I will submit a bug report.

Testing this with iOS 16.5 and seeing similar results. Excerpts from status report:

"passcode" : { "is-present" : true, "is-compliant" : true }, ...

"Activation’s (4960d530-d83f-4c69-9bfe-9d74c5d836c4:b1ce874d-a2ea-3c36-aeb4-e7d5d7fa56b0) predicate (status.passcode.is-compliant == 1) evaluated to false."

The predicate sent to the device was written as @status(passcode.is-compliant) == TRUE

Declarative Device Management is buggy
 
 
Q