Hi all,
We deploy custom iOS/ipadOS apps to our iPads via jamf cloud. The apps are add-hoc releases using our distribution profile that includes all the iPads UUID. We then upload the apps to jamf and from there send it to our iPads.
When we deploy new versions of existing apps, we ran into issues where jamf would not update the app. After checking the iPad logs on the console, we found the follow errors that occurs every time jamf tries to push the new app:
default 12:47:03.239756-0700 dmd container_acquire_sandbox_extension: success
default 12:47:03.239780-0700 dmd container_acquire_sandbox_extension com.myCompany.myApp succeeded for path '/private/var/mobile/Containers/Data/Application/93DBC421-803E-48B5-B704-429908066041'
error 12:47:03.240395-0700 cfprefsd rejecting read of { com.myCompany.myApp, mobile, kCFPreferencesCurrentHost, /Library/Managed Preferences/mobile/com.myCompany.myApp.plist, managed: 1 } from process 122 (dmd) because accessing these preferences requires user-preference-read or file-read-data sandbox access
fault 12:47:03.240600-0700 dmd Couldn't read values in CFPrefsManagedSource<0xda8a2c9a0> (Domain: com.myCompany.myApp, User: kCFPreferencesCurrentUser, ByHost: Yes, Container: (null), Contents Need Refresh: Yes): accessing these preferences requires user-preference-read or file-read-data sandbox access
default 12:47:03.240695-0700 dmd Revoking sandbox extension; key = 43
It seems as if the MDM process cannot update the app because of missing entitlements? Weird enough, this does not happen on all our iPads, only on a subset and we have not found the pattern yet to narrow down what the issue is.
We reached out to jamf but they claim the issue is with our app. But we can't really figure out what we would have to do to our app to let the MDM process update it.
When searching for this on google we found some related issues for macOS apps but nothing for iOS/ipadOS. Any hints or pointers what the issue with our app could be? Thanks!