4 Replies
      Latest reply on Aug 13, 2018 1:11 AM by eskimo
      Ainassine Level 1 Level 1 (0 points)

        Hello,

        Recently, for my study at school, I need to develop an app which could tag each data flow(TCP or UDP) with which app it comes from. In that case we can get a <data flow, app name> tuple, and this could do a lot help for our study.

        I'm wondering that is there any good suggestions to make that possible? Does NetworkExtension know which app the data flow come from when it handle with the data flows? I've googled and searched for answers, but the result are not satisfying.

        I've noticed that on my iPhone8 with iOS 11, the System offers us the information of how much cellular data each app has used. Will this API be opened to us or is there any alternative methods to implement that function?

         

        Thank you if you could help me!

        • Re: Does NetworkExtension know which app the data flow comes from?
          eskimo Apple Staff Apple Staff (9,355 points)

          Does NetworkExtension know which app the data flow come from when it handle with the data flows?

          Yes, at least in some cases.  This information is available when you enable per-app VPN, which you can do in two ways:

          • Using an app proxy provider — In this case the identity of the app is available in the metaData property of the NEAppProxyFlow.

          • Using a packet tunnel provider in per-app VPN mode — In this case the metadata is per packet, accessible via the metadata property of NEPacket.

          Be aware that there are significant restrictions on setting up per-app VPN.  You can find a summary of these in this post.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

          • Re: Does NetworkExtension know which app the data flow comes from?
            eskimo Apple Staff Apple Staff (9,355 points)

            Oh, one other thing to note is that an RVI packet trace includes app information in the packet metadata, so you can get this information without writing any code on iOS.  See QA1176 Getting a Packet Trace for information on RVI.

            Share and Enjoy

            Quinn “The Eskimo!”
            Apple Developer Relations, Developer Technical Support, Core OS/Hardware
            let myEmail = "eskimo" + "1" + "@apple.com"

              • Re: Does NetworkExtension know which app the data flow comes from?
                Ainassine Level 1 Level 1 (0 points)

                Thank you for your reply, and it really helps a lot. Here I have a new question. It seems that i need to have a MDM server to enable per-app VPN for my app, if I want to release it at app store? Am i right? BTW, for the best result, we hope that our app is able to generate a log of the network flows on devices having our app installed, and the most important thing is we have the app name each flow blengs to noted in our log. Looking forward to your reply.

                  • Re: Does NetworkExtension know which app the data flow comes from?
                    eskimo Apple Staff Apple Staff (9,355 points)

                    The exact requirements for per-app VPN are complex, which is why I pointed you to this post which explains them in detail.  However, to address your specific question:

                    It seems that i need to have a MDM server to enable per-app VPN for my app, if I want to release it at app store? Am i right?

                    If you are:

                    • Working on iOS

                    • Signing your app for something other than Development (that is, Distribution, TestFlight, In-House (Enterprise))

                    then, yes, you can only set up per-app VPN via MDM.

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"