Updated on 07/13/20 with additional info on Permitted apps for autonomous single app mode.

Background

Single App Mode, also known as the Kiosk Mode, has been in use in a wide range of settings. The goal is to lock down the device to a single application and control the user’s interaction with the device (i.e. Disable volume buttons, Disable sleep/wake button, etc.)

Some common usages with Single App Mode include but are not limited to:

• Directory at the shopping mall
• Self-Sign In at the building lobby/reception

To my pleasant surprise, Single App Mode also plays a vital role during the pandemic in 2020! In this case, iPads are deployed for caregivers and patients to communicate with each other while minimizing physical contact (and thus the chance of getting infected with the virus.)

Coronavirus Relief: Stanford ramps up ‘telehealth’ to help protect patients, providers (credit: Michael Goad via LinkedIn)

Here’s another excellent article by Stanford Health Care on how their iPads are utilized.

With iPad, COVID-19 patients see the caregiver behind the mask

If you are already familiar with Guided Access that’s already available on iOS devices, the concept with Single App Mode is more or less the same. Through MDM, however, you can set the same settings without touching every single device. This means you can have Single App Mode enabled across hundreds if not thousands of devices with minimal time and effort.

Unlike Guided Access, however, there are points to keep in mind with Single App Mode:

• The device is locked to a single application until the payload is removed
• The home button is disabled
• The device returns to the specified application automatically upon wake or reboot
  • This can be a huge problem you have pending commands (i.e. device wipe) to your device and it does not re-connect to the Internet upon reboot.
  • If your device has a SIM card slot, inserting an active SIM card will restore Internet connectivity temporarily for the pending commands to be executed.
  • If your device does not have a SIM card slot, your remaining option is to restore it with iTunes.

Thus, I would not recommend deploying Single App Mode unless you are well aware of the points above plus the steps you can take to exit out of this mode.

Another challenge I encountered during testing is that some conferencing applications, such as Cisco Jabber and Skype for Business, may have trouble accepting incoming calls in Single App Mode.

Skype for business single-app-mode missing call controls

With the Cisco Jabber, you can see there is an incoming call in the notification bar on top of the screen. However, you cannot press on it for whatever reason. Per the Apple support, this is a known issue.

• “We’ve confirmed this behavior with Jabber matches the issue Product Engineering is investigating, however, we do not yet have an update on a fix.”
• “This will require a code change in iOS, so we may not have a testable fix in the near-term.”
• “This issue might affect a number of apps that use the CallKit framework, so I can confirm it’s not isolated to Cisco Jabber.”

Research

I searched and found several KBs from the VMware Workspace ONE support portal related to this setup. I do recommend reading them all to be well informed with this simple yet powerful setting.

• How to configure Single App Mode for iOS devices (50117517)
• Configure a Single App Mode Profile
• Restart a Device Operating in Single App Mode
• Exit Single App Mode on iOS Devices
• Allow Device Admin to Exit Single App Mode from the Device
• iOS update on device locked in Single App Mode (50118436)
• Use of Permitted apps for autonomous Single App Mode (50104756)
• Two Apps in Single App Mode on iOS device (50118442)
• AAPP-5799: Installing a Single App Mode profile on iOS causes app notification permissions to be reset (2961631)

If you are short on time, do check out this video by Michael Goad through his 5 minute mobility YouTube channel which provides valuable information on this setup (and be sure to check out his other great videos on Mobility!)

Prerequisites

To set up Single App Mode, your device must be:

• Running iOS 7 or higher
• Supervised

Steps

To start, create an iOS device profile under DEVICES > Profiles & Resources > Profiles > Add Profile > iOS.

Next to Filter Type, choose between Lock device into a single app and Permitted apps for autonomous single app mode. The main difference between the two is that the latter one allows you to exit the Single App Mode easily with a pre-configured passcode similar to Guided Access. 

For Lock device into a single app, start by entering the application bundle ID of the app. Then, enable/disable the applicable settings further below.

As Michael Goad suggested in his YouTube video, you may want to ‘Disable auto-lock‘ as some apps may not work properly if the devices ever become idle due to inactivity. VMware technical support also suggested the same and more:

“As long as the “Disable auto-lock” option is checked in the single app profile and we do not have any other restrictions (passcode) defining the auto-lock time, the devices should be left unlocked at all times when the single app profile is applied irrespective of what has been set on the device passcode settings before applying the same. I would also suggest that you disable sleep/wake buttons on the single app profile so that the end-users cannot lock it by pressing these buttons”

Finally, hit SAVE & PUBLISH.

I have yet to find an app that supports Permitted apps for autonomous single app mode for testing purposes. I will surely update this post with further info on this.

As always, stay mobile/digital!