VMware Workspace ONE Community
mibir
Contributor

iOS 13 Devices Marked as Compromised

Hey All,

Curious if anyone has any folks already upgrading to iOS 13 and if they are seeing any issues with devices being marked as compromised. We have 9 developers that have upgraded for testing and 3 of the 9 have been marked as compromised after upgrading but 6 of them seem to be fine. I'm guessing something is going a little weird during the update process that confuses Intelligent Hub but was curious if anyone else is seeing odd behavior.
100 Replies
stevewalker2018
Contributor

Hi Guenter G, we have the same issue here. I have been working a support call with VMware support for weeks now, but they appear to be struggling to give me an answer on why this is happening. We do not use Boxer and our Hub version is 19.10 (41). The only thing we did find is that if we removed and reinstalled the Hub (which then prompted us for Server URL and Group ID) the issue went away, but this is not a workable fix. I'm hoping once Hub 19.11 is released the issue will go away. A disappointing response from support so far.
0 Kudos
alldaymcrae
Contributor

Any update on this? We're experiencing the same issue with Boxer 5.12 and Hub 19.10 with Device compromised turned off with the email compliance policy and with the Apps section under groups and settings and with iPads/iPhones on the 13.1.2 and 13.2.2 and 13.2.3, so it doesn't seem to be iOS version specific; it looks to be a bug on the Workspace ONE side. I have opened a ticket yet but from this forum it looks like they don't have a fix. It looks to be random as well; it happens on some devices but not all.

Anyone have the same setup? Wondering if anyone has heard anything from support on ETA when this is going to be fixed.
0 Kudos
MarkSchwantje
Enthusiast

I opened a ticket about this towards the beginning of November. The assigned engineer stated it is an incompatibility issue related to any AW SDK enabled app, such as Boxer, Web, etc. and iOS 13.x. He said the only app that has been fixed is Hub 19.10.

I find it very strange that iOS 13 was released more than 2 months ago, and they still haven't released compatible versions of their SDK enabled apps. Additionally, why hasn't there been any announcement regarding this issue?  And I would expect a lot more people complaining about this, since it would seem to impact every AirWatch customer.
0 Kudos
alldaymcrae
Contributor

Thanks Mark - That's what I was worried about. I just updated everything to 19.0.9.4 hoping that they had pushed a fix out. I also noticed the same thing that is strange. I don't see it on their release page either.


0 Kudos
Stansfield
Enthusiast

I think most customers have just given up. We had a ticket back at the start of iOS 13 and they would not even tell us anything or keep the ticket open to monitor; they just referred us to this thread. At this point they need to stop advertising it as a feature, since it does not work and they apparently have no intention of fixing it ever. Also, they do not announce known issues or admit to them; that would be helpful.
0 Kudos
ScottWitmer
Contributor

We've also had this issue since mid October or earlier and a ticket since then. I've had the suggestion to make sure all the apps are upgraded and that's about as far as the support has gone. I've asked to help pinpoint when and why the compromised status happened but haven't gotten anywhere. My ticket was closed and reopened at least twice and I've dealt with several people. I had more than one issue. One user got an email that her iPad (fully managed) was in compromised status. I can't find in the settings where the email compliance is. So one person got the compromised email about her fully managed iPad and nothing happened. Another 2 people had their Boxer email wiped. This happened to only two people and it happened to both of them twice after OS updates. I had to wipe the managed device to get email working again. So I have two different things happening but both the result of a compromised status. The managed devices don't have the Intelligent Hub. They do have Boxer, Web, and Tunnel. Tunnel was the out-of-date app that I've since updated. Would that cause the issue? I haven't seen another one go into compromised status since the Tunnel update but I'm also not sure there have been any OS updates to trigger it. I haven't really gotten anywhere with support. Right now I just have my fingers crossed.
0 Kudos
alldaymcrae
Contributor

Anyone else experiencing this issue using Boxer under the VPP program?
0 Kudos
GuenterGruber
Contributor

We are using VPP but not Boxer. We also tested with the iOS 13.x beta versions but the issue didn't occur at this time. It's also curious that only about 1300 devices from 16.500 with iOS 13.x are affected (but getting more every day).
0 Kudos
ThomasBeckerTho
Enthusiast

Jeremy M. and Scott W.
We are using VPP with Boxer and Tunnel. As written by me, I could narrow my issue down that it only happens since 13.2 and onward using Boxer and Tunnel. As soon as Boxer establishes the VPN connection it gets compromised. We also have another older configuration where we also use Boxer but without Tunnel. This setup is working fine so far.
I also have a support ticket open but with no results so far.
0 Kudos
alldaymcrae
Contributor

And when you say compromised, are you seeing that under the devices that it's being compromised? What effect is it having on Boxer? In our case it's wiping config for Boxer but not removing the app itself? And technically, we're not seeing that it's being compromised within the device when this happens. The more I investigate our issue, it is looking more and more that it's not related to this forum. I'm probably going to start a new one. I talked with support and they said, just like Mark S was talking about, that it's related to the default SDK code and they're working on this issue internally.


One thing to try is to make sure all settings in regard to compromised devices are turned off for now until they resolve the issue, including in your compliance policy in the Email section of your configuration.

0 Kudos
ThomasBeckerTho
Enthusiast

Jeremy M.
We can see it in the console that the device is compromised. Also Boxer tells me it is being wiped because it's compromised. Actually the message in the background while this happens says 'my exchange administrator sent a device wipe' but that's not true. So the behavior for Boxer is the same as yours.

So far we have zero compliance policies for the devices or for email and compromised detection in the console settings is turned off. The sad thing is that the devices still get compromised therefore we effectively have no way to avoid this other than keeping the update to 13.2 back.

Today I had a call with VMware about my support ticket and they told me that this problem is because of the SDK version Boxer uses. So it's definitively a problem in the Boxer code. They are still working on solving this issue.
0 Kudos
AndreasDoerfler
Contributor

well, we had (have?) similar problems with the release of 13.2.3. on my supervised test devices (iphone and ipad) i had 2 device wipes in a row by installing vmware notebook and opening it, because my devices are 'compromised'. after i redeployed to devices i couldn't reproduce it.


so far this didn't happen to any user, even when the only difference between admin and user profile are the hold time when users are allowed to install new ios versions.


my faith in this mdm is dropping by the week...

0 Kudos
alldaymcrae
Contributor

Thanks Thomas.. I did end up creating a new forum for the specific error we're getting if anyone is interested. From your notes it is a little different than what we're getting. You can find more here: https://support.workspaceone.com/posts/360037702793


But from what you're saying they're related, it looks like just a little bit different behavior. AND WE'RE NOT SEEING THE DEVICE BEING COMPROMISED within the device

0 Kudos
alldaymcrae
Contributor

Here is the official statement I got from Support:

As it was mentioned yesterday by Aarti, issue seems to be related to SDK which is currently having some issue with the iOS13 detecting them as compromised devices. We are still running some validations to confirm you this, during the time please keep us posted if you see new device getting wiped on Boxer.

So it does look to be related all around just different behavior.
0 Kudos
MarkSchwantje
Enthusiast

I can't even believe they would come back to you and say 'We are still running some validations to confirm you this'. Assuming this is really the case, what on earth have they been doing for the last 2 months since iOS 13.x was officially released and this issue reported?
0 Kudos
alldaymcrae
Contributor

Our use case is a little different at the time of the iOS release. We just started running into this about 3 weeks ago. I only have about 1/2 a department using Boxer at this time; we were still in the testing phases when 13x first came out so it was just me and a few people that even had Boxer. The rest are still using the Native Mail App across the company. But I agree, it is concerning and frustrating that it's been an issue for over two months and they still don't have a resolution yet. At this time I have the time to wait because of the holidays but yea if this is still a thing 2 more months from now we will end up going a different direction.

0 Kudos
ThomasBeckerTho
Enthusiast

I got my issue fixed by VMware last Friday. We had to set a bypass rule in the network traffic settings for VMware Tunnel for the following URLs:
api.na1.region.data.vmwservices.com
discovery.awmdm.com
signing.awmdm.com
With that in place Boxer no longer reported a compromise. It looks like Boxer has to do some online checks for the compromised detection. I don't know why this can't be done offline but it works for us so far. Support told me that this workaround will be implemented in the next Boxer release so you don't have to set a bypass rule.
0 Kudos
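As an added illustration (not part of the original thread, and not VMware's code or configuration format), this sketch checks that the three hostnames from the post above would actually be bypassed by a rule list. It assumes a simplified model in which traffic rules are an ordered list with wildcard hostnames and the first match wins; the rule sets and the `effective_action` and `audit` names are constructed for the example.

```python
from fnmatch import fnmatchcase

# Hostnames listed in the post above.
REQUIRED_BYPASS = (
    "api.na1.region.data.vmwservices.com",
    "discovery.awmdm.com",
    "signing.awmdm.com",
)


def effective_action(host, rules, default="TUNNEL"):
    """Return the action of the first rule whose pattern matches host.

    rules is an ordered list of (action, [hostname patterns]); this
    first-match model is an assumption made for the example.
    """
    host = host.lower().rstrip(".")
    for action, patterns in rules:
        if any(fnmatchcase(host, p.lower()) for p in patterns):
            return action
    return default


def audit(rules, default="TUNNEL"):
    """Return {host: action} for every required host that is NOT bypassed."""
    findings = {}
    for host in REQUIRED_BYPASS:
        action = effective_action(host, rules, default)
        if action != "BYPASS":
            findings[host] = action
    return findings


# Constructed rule sets. In SHADOWED a catch-all tunnel rule is ranked
# above the bypass rule, so the bypass never takes effect.
SHADOWED = [
    ("TUNNEL", ["*"]),
    ("BYPASS", list(REQUIRED_BYPASS)),
]
FIXED = [
    ("BYPASS", list(REQUIRED_BYPASS)),
    ("TUNNEL", ["*"]),
]

if __name__ == "__main__":
    for name, rules in (("shadowed", SHADOWED), ("fixed", FIXED)):
        print(name, audit(rules) or "all three hosts bypass the tunnel")
```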
alldaymcrae
Contributor

Thomas B - Are you hosted or on-prem?
0 Kudos
AdamBarlow
Contributor

Thomas' solution also worked for us. I created a bypass rule for client traffic for Boxer with the listed URLs. We are running in the hosted environment. Thanks for the update Thomas.
0 Kudos
ThomasBeckerTho
Enthusiast

We are on-prem.
0 Kudos