“iOS Update Delay” allows you to keep your iOS devices up to date, while removing the “surprise” factor of new iOS updates. Once set, no action is required by the administrator. There are limitations to this feature, so it is important to understand how it works, and why you may — or may NOT — want to use it.
How does iOS Update Delay work?
GroundControl’s iOS Update Delay takes advantage of the signing overlap during iOS transitions. For a period of a few days, Apple allows both the old and the new iOS versions to be installed. GroundControl’s feature simply exposes that choice, allowing you to set a preference to use the old or new version.
What is iOS signing?
No matter how you update your devices — iTunes, Configurator, GroundControl or over-the-air — Apple must validate that update is approved. This validation — known as “signing” — allows Apple to have tight control over which versions of iOS are valid for particular devices. This control is one of the best security defenses Apple has against known vulnerabilities, and contributes to making iOS an incredibly secure mobile platform.
When Apple releases a new version of iOS, say iOS 10.0, they begin signing that version. Eventually, they will stop signing the old version, iOS 9.3.5. When they stop signing iOS 9.3.5, you will no longer be able to install 9.3.5.
However, Apple doesn’t immediately stop signing iOS 9.3.5. There’s an overlap when both iOS 9.3.5 and iOS 10.0 are being signed. And if you know how, you have a choice over which version can be installed.
How long does the signing overlap last?
Typically 7 – 14 days. iOS 9 was released on 16 Sept 2015, but Apple kept signing iOS 8.4.1 until 30 Sept 2015. Minor updates often have a shorter window. Rarely, Apple immediately stops signing an iOS release once a bug fix comes out.
Does GroundControl allow Recovery Mode to use the older iOS version?
Yes. Edit the workflow “Recovery Mode Erase & Update” to set the iOS Delay preference.
Can I set some workflows to use the latest iOS update for testing, but have others prefer the older update?
Yes. You set the preference in individual workflows.
Will iOS Update Delay downgrade devices?
Yes, if the window for signing the older version is still open. You should start with an erased device to avoid any issues when downgrading.
What happens to the workflow when Apple stops signing the older release?
The GroundControl workflow will begin installing the most recent version. Most days of the year, Apple is signing only a single iOS version. And during those days, the two “iOS Update” options behave exactly the same.
There is also an option to “Skip the update if the device is at…” Which has priority?
The “Skip” checkbox has priority. That is, if the device is already at or above the minimum version you specify, GroundControl will not update the device.
But I don’t want to update my devices! How do I turn off updates?
Simply do not include the “Update iOS” action in your workflow. See? That was easy. But note that your devices may be vulnerable to attackers. For example, look at what was fixed in iOS 9.3.5.
Can you prevent my users from updating their devices using Settings?
No. Single App Mode is the only way Apple allows you to prevent iOS updates on the device. We’ve heard of techniques for blocking update checking using DNS or proxy PAC files, but we have not tested these techniques.
Can GroundControl install any version of the OS I specify?
No. Apple signs iOS versions cryptographically, and GroundControl can not install unsigned firmware. (Also, it would be a bad idea to install old software with known vulnerabilities.)