Transfer Text In And Out Of The iOS Simulator Using xcrun

In a previous article, I covered creating, starting, and stopping iOS simulations. macOS comes with a handy tool to interact with the clipboard (aka pasteboard) on a Mac called pbcopy. You can redirect information from a file into your clipboard using the pbcopy command. Here, we’ll simply call pbcopy and then a file path

pbcopy ~/Desktop/transfer.txt

You can then redirect your text into simctl by doing a pbpaste into

xcrun simctl pbpaste booted

Once you’ve copied your data, clean up the transfer file:

rm ~/Desktop/transfer.txt

You can also pull text out. If you write data into the clipboard (e.g. during instrumentation) then you can extract it from that pasteboard using the simctl subcommand pbcopy as follows:

xcrun simctl pbcopy booted

The xcrun simctl subcommand also comes with a number of other pretty cool automations for programatic control, which I’ll try and cover later.

Screen Time And Setting Limits For Ourselves And Our Families

Do you know how much time you spend in various apps and on your device? Do you want to gently be reminded of how much time you’re staring at screens and maybe even be limited in how much you can be lost on the screen? 

First, let’s Let’s do this limiting the time you can be on the device in the first place, using a feature of Screen Time called Downtime:

  • Open Settings
  • Tap on Screen Time
  • Tap Downtime

Tap on and then set the start of Downtime and the stop of Downtime. Tap back on Screen Time in the upper left hand corner of the screen. Now, let’s setup an app limit for social apps (because really, most of us are on those wayyyy too much:

  • Open Settings
  • Tap on Screen Time
  • Tap App Limits
  • Tap an app category (e.g. Social Networking)
  • Set the number of hours you can use that type of app (note, if you set 23 hours and 59 minutes you are totally cheating)
  • Tap Add

Should you want to remove those limits you created, just tap Delete Limit. Or better, just configure apps that are allowed to bypass the limits you’ve made by tapping Always Allowed and adding apps that are always allowed to work. This allows you to limit all your apps except, as an example, Maps and Camera. 

Another option in Screen Time is Content and Privacy Restrictions. To configure these:

  • Open Settings
  • Tap on Screen Time
  • Tap on Content & Privacy Restrictions
  • Turn Content & Privacy Restrictions on by tapping the slider
  • Tap on iTunes & App Store Purchases

Here, you can limit installing apps, deleting apps, or making in-app purchases on the device. You can also just force a password in order to make any purchase from iTunes, Book Store purchases, or App Store purchases

  • Tap the back button
  • Tap Allowed Apps
  • Use the indicator light to disable any app you don’t want to be able to access on this profile
  • Once all apps are configured, tap the back button
  • Tap Content Restrictions

There are a lot of restrictions available. Most are mirrored with a profile and so can be controlled by an MDM as well:

  • Country: Start with the country your ratings are set for. 
  • Music, Podcasts, & News: Then, choose what whether or not explicit content is allowed (and by content we really mean music, podcasts, & news). 
  • Music Profiles & Posts: Then choose whether the device is allowed to publish music options and posts about music. 
  • Movies: Then set a maximum AFTRA rating (e.g. PG-13 or R) for content.
  • TV Shows: Select the TV ratings allowed (e.g. TV-G or TV-MA for mature audiences)
  • Books: Luckily, Tipper Gore never got her way so there’s no true rating systems for books. Just select Clean or Explicit.
  • Apps: Choose an age that ratings for apps are most appropriate
  • Web Content: Limit access only to specific websites, limit access to adult websites, or provide unrestricted access to web content
  • Web Search Content: Allow Siri to access the web to search
  • Explicit Language: Allow or restrict Siri from using dirty words
  • Multiplayer Games: Allow or deny access to multiplayer games
  • Adding Friends: Allow or deny access to add friends within the Game Center app
  • Screen Recording: Allow or deny access to screen recordings

Next, go back and in the privacy section, configure what apps are able to access Location Services, Contacts, Calendars, Reminders, Photos, Share My Location, Bluetooth Sharing, Microphone, Speech Recognition, Advertising, Media And Apple Music. 

Finally, under allow changes, configure whether you’ll be able to make changes to Passcode Changes, Account Changes, Cellular Data Changes, Volume Limits, Do Not Disturb While Driving, TV Providers, and Background App Activities. 

Using Managed App Config with Jamf Pro

Hey look, there’s a new category on the Jamf Marketplace, available at https://marketplace.jamf.com/apps/#category=AppConfig,selecting the AppConfig category. The new AppConfig category gives administrators of any MDM that supports AppConfig access to a set of apps that support AppConfig. If you have an app that isn’t listed here, feel free to let me know. 

What does this mean? Well, AppConfig is a way of sending data into an app. App config allows a customer to deploy settings into applications on iOS devices in much the same way that settings can be sent into a Mac app via the defaults command. This means an end user could get an app installed on their device from the iOS App Store, a custom app, or a B2B app and that app would have any settings the user might need to connect to servers or configure the experience.

So what is Managed App Config? At it’s most basic, you identify a label and a value in XML and send it to an iOS device that’s running iOS 7 or later (e.g. via Jamf 9 and up). The vendor who makes the app has to basically define what those settings are. Which brings up an interesting problem never fully addressed with defaults domains: standardization and ease-of-use (although MCX was close). 


AppConfig.org  is a consortium of MDM vendors and software vendors that maintain the emerging AppConfig standards around Managed App Config (within the confines of what Apple gives vendors) and then makes a feed of settings for apps that conform to those standards. Jamf is a founding member of Appconfig.org, along with MobileIron and AirWatch. Examples of what you could put into the AppConfig.org feed include 
  • Enabling certain features of apps
  • Server URLs
  • Logos (if they’re pulled dynamically)
  • Text labels
  • Language packs

To see a list of apps that are available, check out http://www.appconfig.org. 

Managed App Config options are set by vendors at compile time within the code and then the XML sent with the app is parsed by the app at installation time. If you’re a software vendor who wants to get started with AppConfig, check out the Spec Creator from Jamf Research or get in touch with the developer relations team from any MDM vendor.

If you’re a customer of an app and would like to leverage Managed App Config and your vendor isn’t listed on the appconfig.org site, get in touch with them, as this is the future of app management and chances are that you won’t be the only organization looking to unlock this type of feature. 

Let’s look at how this actually works. The Managed App Config options per supported app are available on a feed. The feed is available at http://d2e3kgnhdeg083.cloudfront.net. Here, as follows, you’ll see a list of all of the apps supported.


You can then copy the path for an app, such as com.adobe.Adobe-Reaser/1/appconfig.xml and append it to the end of the URL to get the feed for that specific app. You can test this using http://d2e3kgnhdeg083.cloudfront.net/com.adobe.Adobe-Reader/1/appconfig.xml to see output as follows.


Here, note that most of these fields are key value pairs defined by Adobe (in this example at least). You can enable or disable features of Adobe Reader using these keys. The same is true with a tool like Box that might want a more granular collection of settings than a feature like Managed Open In. 

Once you have the XML, you can then copy it to the clipboard and paste it into the App Configuration tab of an app, as follows. 

Finally, Apple has sample code available at https://developer.apple.com/library/content/samplecode/sc2279/Introduction/Intro.html

Ways to work together with your employees to help keep their skills sharp

My latest inc.com piece is available at https://www.inc.com/charles-edge/your-employees-want-extra-training-but-youre-going-to-have-to-help-them-get-star.html. It starts off like this, if it’s your kinda’ thing:
Employee engagement is dipping, according to a new study by human resources consultancy Aon Hewitt, but as an manager, you can make the workplace more appealing through positive initiatives such as employee training and development. Indeed, I’ve often had people I manage ask for more training. My answer is always an emphatic “yes.” But then something funny often happens: nothing. Giving staff approval for trainingdoesn’t necessarily mean that they’ll do it unless you follow up methodically and even micromanage the process. Why does this happen and what does it show about how employers and employees alike can do a better job to make sure development happens? I have five theories.

Use DNS To Improve Caching Service Discoverability

Clients discover the Apple Caching service bundled with macOS Server (and in the future macOS) automatically. You can create a text recored for _aaplcache._tcp on your DNS server. That would look
_aaplcache._tcp 518400 IN TXT “prs=192.168.50.100”
Name: _aaplcache._tcp with a type of TXT and a TTL of 518400 seconds. The prs is the address to be used and is set to a value using prs=192.168.50.100.

Precache Now Pulls Models From Jamf Pro

Added 3 new flags into precache tonight: –jamfserver, –jamfuser, and –jamfpassword. These are used to provide a Jamf Pro server (or cloud instance), the username to an account that can list the mobile devices on that server, and a password to that account respectively. Basically, when you provide these, the script will pull a unique set of models and then precache updates for them. It’s similar to grabbing a list of devices: curl -s -u myuser:mypassword https://myserver.jamfcloud.com/JSSResource/mobiledevices And then piping the output of a device list to: perl -lne 'BEGIN{undef $/} while (/<model_identifier>(.*?)<\/model_identifier>/sg){print $1}' And then running that array as an input to precache.py. Hope this helps make the script more useful!