The new iOS 10 update have brought a lot of new and exciting features to it. While most of those features look awesome, there are some new features that might cause some unexpected behaviour. While making an iOS 10 device a managed device, you might find that the old way of doing things has been changed a bit. One such change is the enhancement of Whitelist feature for supervised devices.
iOS 10 Apple configurator’s allowed apps issue with the phone app
For managed devices till iOS 10, the Whitelisting policy added the system apps to the list by default ie; the user did not have to add the system apps to the list themselves. According to the Default deny approach, any apps that are not in the Whitelisted apps list gets restricted from accessing. Apparently, since iOS 10 the system apps are not treated any different than other apps. But not everyone is aware of this change.
For example, after updating a device to iOS 10, the Phone app (which is a system app) ceased working after adding some apps to the Whitelist with the option “Only allow some apps” selected.
The Phone app which still showed up on the home screen was not able to make any calls but could receive calls. Now, this Whitelisting did not just affect the Phone app but all the other apps which were not included in the list, which is understandable if Apple wanted to enhance the Whitelist feature. Basically you have to add all the apps you want to use to the list and no exceptions. But what seemed odd was that adding the phone app to the list did not work.
To solve this problem we had to add the “com.apple.InCallService” identifier to the Whitelist and the Phone app started to work just fine.
While the other system apps would work just by adding the name to the list the phone app required the bundle identifier. Let’s hope Apple will fix the iOS 10 Apple configurator’s “allowed apps” issue with the phone app in future updates.