Problem Description:
A App Store (VPP - B2B) app distributed to a device through MDM is not installing. The "InstalledApplicationList" response doesn't have the app in it. The "ManagedApplicationList" response has the app with status as "ManagedButUninstalled". But this cannot happen since there is a restriction - allowAppRemoval is set to false for this device which prevents the removal of installed apps in that device. This is applied before the app was distributed to MDM.
Steps to reproduce:
- Enroll a device in MDM.
- Use restrictions payload[com.apple.applicationaccess] with a key "allowAppRemoval" set to "true".
- Distribute an app to device.
- Perform operations to fetch "InstalledApplicationList" and "ManagedApplicationList".
Expected Result: The device should install the app successfully and ManagedApplicationList response should return "Managed" status for the app.
Actual Result: The device doesn't install the app and "ManagedApplicationList" returns "ManagedButUninstalled" status.
InstallApplication Response:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>InstallApplication;Collection=899898</string>
<key>Identifier</key>
<string>pad.xxxx.ilD</string>
<key>State</key>
<string>Installing</string>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>000000-00000000-00000000</string>
</dict>
</plist>
ManagedApplicationList Response:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>ManagedApplicationList</string>
<key>ManagedApplicationList</key>
<dict>
<key>com.manageengine.mdm.iosagent</key>
<dict>
<key>ExternalVersionIdentifier</key>
<integer>857024336</integer>
<key>HasConfiguration</key>
<true/>
<key>HasFeedback</key>
<true/>
<key>IsValidated</key>
<true/>
<key>ManagementFlags</key>
<integer>5</integer>
<key>Status</key>
<string>Managed</string>
</dict>
<key>com.teamviewer.teamviewerQS</key>
<dict>
<key>ExternalVersionIdentifier</key>
<integer>851678159</integer>
<key>HasConfiguration</key>
<false/>
<key>HasFeedback</key>
<false/>
<key>IsValidated</key>
<true/>
<key>ManagementFlags</key>
<integer>5</integer>
<key>Status</key>
<string>Managed</string>
</dict>
<key>pad.xxxx.ilD</key>
<dict>
<key>ExternalVersionIdentifier</key>
<integer>857489710</integer>
<key>HasConfiguration</key>
<true/>
<key>HasFeedback</key>
<false/>
<key>IsValidated</key>
<false/>
<key>ManagementFlags</key>
<integer>5</integer>
<key>Status</key>
<string>ManagedButUninstalled</string>
</dict>
</dict>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>000000-00000000-00000000</string>
</dict>
</plist>
Restrictions Response:
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>CommandUUID</key>
<string>Restrictions</string>
<key>GlobalRestrictions</key>
<dict>
<key>intersection</key>
<dict>
<key>autonomousSingleAppModePermittedAppIDs</key>
<dict>
<key>values</key>
<array>
<string>pad.xxxx.ilD</string>
</array>
</dict>
<key>whitelistedAppBundleIDs</key>
<dict>
<key>values</key>
<array>
<string>pad.xxxx.ilD</string>
<string>com.manageengine.mdm.iosagent</string>
<string>com.teamviewer.teamviewerQS</string>
</array>
</dict>
</dict>
<key>restrictedBool</key>
<dict>
<key>allowAppRemoval</key>
<dict>
<key>value</key>
<false/>
</dict>
</dict>
<key>restrictedValue</key>
<dict>
<key>maxInactivity</key>
<dict>
<key>value</key>
<integer>5</integer>
</dict>
</dict>
<key>union</key>
<dict>
<key>blacklistedAppBundleIDs</key>
<dict>
<key>values</key>
<array>
<string>com.google.Drive</string>
<string>com.apple.news</string>
</array>
</dict>
</dict>
</dict>
<key>Status</key>
<string>Acknowledged</string>
<key>UDID</key>
<string>000000-00000000-00000000</string>
</dict>
</plist>
