Access denied to virtual sessions when using iOS 16 or later

The deviceTRUST Agent uses the remote iOS device name to determine the iOS client to connect to, but iOS 16 or later always reports 'iPhone' or 'iPad'.

In iOS 16 or later, Apple requires an entitlement for an application to be able to read the device name. Currently, the deviceTRUST iOS Client Extension does not include this entitlement, and therefore the operating system always returns 'iPhone' or 'iPad' as the device name. Consequently, when the deviceTRUST Client Extension for iOS running on iOS 16 or later registers with the deviceTRUST Portal, it is registered against the wrong device name.

The deviceTRUST Agent identifies the remote iOS device name using the LOCAL_REMOTECONTROL_REMOTE_NAME property within the virtual session. This remote iOS device name is compared against the name of the iOS devices registered within the deviceTRUST Portal at to determine which iOS device to connect to. If the devices are registered against the wrong device name, then a successful connection cannot be made.

Establishing the entitlement from Apple is work in progress. It may be necessary for us to make changes to the deviceTRUST iOS app before this entitlement can be granted.

Whilst we work to establish the entitlement, we've made the following changes to the deviceTRUST Portal to mitigate the problem.

  • We've added the ability to manually rename the iOS devices. By renaming the devices to the value that appears within the iOS Settings app under General > About > Name, a successful connection can once again be established.
  • When the deviceTRUST Portal determines that an iOS device has been upgraded to iOS 16 or later, the previous device name is captured and the device is automatically renamed.

An updated deviceTRUST Client Extension for iOS will soon be released which allows the user to better identify their iOS device within the deviceTRUST Portal, allowing multiple iOS devices all with the name 'iPhone' or 'iPad' to be better identified.