Our (internally distributed) iOS app relies on iOS 4.2’s encryption to secure sensitive data.
However, that only works satisfactory if the user is using a good system-wide password.
I understand that this can be enforced by installing a configuration profile on those iOS devices by configuring the rules for a password.
Since the installation of this profile is optional to our users, how can we make sure our app only works if a certain profile is installed, or alternatively, if certain password regulations are met?
(We are not concerned with jailbreaks and related cracks to our software, so the ability to test for a config profile or other criteria inside our own code would be sufficient.)
What you can do, is create a (self-signed) SSL Certificate and add your signing authority to the configuration profile. Then, from within your app you can attempt to verify the certificate. The verification will only work if you trust the signing authority, which only happens if you have configuration profile has been installed.
You can read more about the process here if you wish:
http://blog.slaunchaman.com/2011/12/01/enforcing-ios-security-settings-in-third-party-applications/
Note: This may not be acceptable for submission to the App Store.