Open Radar

 
Summary:
On iOS 11, trying to install a configuration profile through MDM will fail when the "com.apple.applicationaccess" payload contains "com.apple.weather" as a blacklisted application. It will fail to install on an iPad, even though the iPad does not (visibly) have the Weather app.

This used to work just fine in iOS 10 or earlier.

The problem with this bug is that MDM customers will have existing configuration profiles that are assigned through automated rules, which will now (after upgrading their devices to iOS 11) all of a sudden fail to install, causing their provisioning or configuration workflows to fail.


Steps to Reproduce:
- try to install the enclosed configuration profile "Disallow weather app only.mobileconfig" on a supervised iPad running iOS 11

Expected Results:
Since the profile only contains a restrictions payload, which only contains the "blacklistedAppBundleIDs" value, which only blacklists a single app (namely "com.apple.weather") and that app is not even visible on the device, installation of the profile should succeed.


Actual Results:
Installation of the profiles fails with the following error:
The profile “Disallow weather app only” is invalid.The payload “Disallow weather app only” is invalid.The field “blacklistedAppBundleIDs” contains the invalid value “com.apple.weather”.

Version/Build:
iOS 11.0.2 (16A421)

Configuration:
Only happens on iOS 11, works fine on iOS 10 or earlier, so this appears to be a regression in iOS 11.