Opening .mobileconfig files on iOS in Profiles Preferences: Cannot

Hello!
long time no see me. Been off the radar for a bit.

I have a feature request.

I have a number of *.mobileconfig files that I have stored in my 1Password vaults for things like VPNs or other access to my family's servers.

They work fine for opening the files in System Preferences > Profiles on macOS when it is opened from 1Password.macOS, but when opened from 1Password.iOS, it opens up the file as a text file. I could use the share menu to save the file to the Files app, but I don't really want to be storing these files to the open cloud…

Aside: I tried it anyway (with a config file I didn't care much about) but it didn't work to save it to Files anyway. I get an error saying that the file doesn't exist and then subsequent attempts resulted in nothing. I go to the Files.app and look to the Desktop where I saved it and there is no blah.mobileconfig file present. I think I've seen this for other file types too, when trying to save a file from a Vault to the iOS Files.app.

So, two things. Could you add a filetype identifier to be able to let 1Password know that *.mobileconfig files are to be opened in Preferences > General > Profiles?

…and can you look into the issue of not being able to save out Vault stored files to the Files.app from within 1Password (not extension).

Thanks, hope you had a wonderful Christmas and a Happy New Years!
@skippingrock


1Password Version: 7.2.5
Extension Version: Not Provided
OS Version: iOS 12.1.2
Sync Type: Dropbox/1Password

Comments

  • brentybrenty

    Team Member

    @skippingrock: Hey! Merry Christmas and Happy New Year to you too! I hope you're having a great holiday season. :chuffed:

    While file types and management are not quite the same on iOS as on macOS (to put it mildly), we can look into it. I'm not sure it scales well for us to try to do this ourselves for individual file types, maybe there's an easier way (or could be as Apple continues adding more robust file management capabilities to iOS).

    We also need to consider the security implications. In your description, it sounds like you're assuming that the file would somehow be protected by 1Password just by virtue of you opening it from there, but that isn't really the case. In order for any file/data to be accessible outside of 1Password, it needs to be decrypted and exposed (albeit less globally on iOS). So there wouldn't be a security benefit to have 1Password better support handling files, and, on the contrary, we'd need to be more careful and have 1Password warn the user before making any of their 1Password data available to other apps.

    Anyway, thanks for bringing it up! :)

    ref: apple-2897

  • thanks for looking into this

  • brentybrenty

    Team Member

    :) :+1:

  • So there wouldn't be a security benefit to have 1Password better support handling files

    I have *.mobileconfig files that include passwords and/or certificates that I do not wish to store unencrypted but that I need accessible. I remove some when they aren't needed, or are a liability (passing through minimal-rights zones such as country borders), but I need the ability to reinstall them.

    Currently I have few (if any) good options on how to store these files safely in a way that is both encrypted and accessible to iOS. In fact, the only practical option tends to be having them emailed or placed on a web server for the amount of time it takes me to retrieve them (and currently 1Password makes it easy for me to send the file to a cloud storage location, so I already have a nice insecure option, but not a secure way to pass the file directly to the OS).

    Oddly enough if I have two devices with me, the easiest way is to open the file on 1Password on the opposite device and airdrop it, so two devices can literally bootstrap each other.

    A more general solution to handling a wide range of filetypes is, in my opinion, not nearly as useful; 1Password can already open images (very useful for storing QR codes) and pass most filetypes to an appropriate app (should a user have such a trusted app available), but mobileconfig files are a unique situation as they frequently essentially are just a fancy way of storing a credential and there is no way to open them from 1Password directly into the OS.

    So I too would very much appreciate support for this specific file type, while I do find existing support for other file types is good enough for my needs.

  • brentybrenty

    Team Member

    Thanks for sharing your thoughts, and use case! I use AirDrop for stuff like that a lot too. To me this sounds more like an OS issue, with iOS of course not being super flexible with regard to managing files, either for users or the apps (and their developers) themselves. I'm hoping that Apple continues to add some more tools in this regard over time, since it can help with a wide variety of things well outside the realm of password managers and secure storage in general. So while it doesn't seem very feasible right now, that could easily change this year, next year, etc. in such a way that would allow us to take advantage of new tools in the OS to make it easier to work with files we save in 1Password. I"m not going to hold my breath, but we'll see. :)

  • So currently there is currently no way from 1Password for us to open .mobileconfig files in Preferences like I can from macOS?

  • So currently there is currently no way from 1Password for us to open .mobileconfig files in Preferences like I can from macOS?

    Not from a single iOS device, you need two. Or you can save the .mobileconfig file to a cloud service and open it in Safari, or email it to yourself. There used to be a "File Storage" type app that created a local HTTP server which you could access from Safari using the 5 minute window apps can run in the background, but either it didn't make the jump to 64-bit or they were forced to drop the feature (maybe Apple has some loopback restrictions? There are still a couple that make your files available to other devices via HTTP, I think).

  • brentybrenty

    Team Member

    I am definitely unsure about local HTTP servers.

    You can probably do something like that with a file sharing app which integrates with Files. Since that's handled by the OS, I think you can just open it from there, in a sense. It all depends on the OS handling the particular file type though:

    The problem is that you're probably storing these things in 1Password for a reason. Likely you want to make sure it's encrypted using your Master Password. But by the same token we'd face a similar challenge trying to integrate 1Password with Files, since we don't have control over the security there. So I don't really see a solution to this. Can't have it both ways.

  • a mini local web server within 1Password to handle these types of things en device?

  • brentybrenty

    Team Member

    That would be a terrible idea from a security perspective, so even though I don't even know if it would be possible I'm gonna give it a "heck no". :lol: It's fun to think about though. ;)

  • One thought about a more secure implementation would be to integrate right into the Files app as a "Cloud" storage, but only offering locally available documents for a limited period of time after they are unlocked in 1Password (but I'm unclear if you can register/unregister the provider or if this would mean a permanent mostly-empty 1Password entry in the Files app?) -- This would be overkill right now and has a fairly high technical barrier to entry, but it would be worth considering if 1Password ever moved into secure document storage/management and/or if iPadOS introduces a more usable filesystem and more apps start using it).

    Ultimately though, today I can open all of the things I store in 1Password right in the iOS app except for .mobileconfig files -- All the other ones I can think of are image files (travel documents and identification where an image might be more valuable than just the text, some QR codes that I periodically need, and similar).

  • brentybrenty

    Team Member

    I'm not sure what guarantees we have as far as the data actually getting removed securely after that, but it's an interesting idea. I'm sure that if Apple develops a feature for that purpose it would take that into consideration though. And now that iPadOS is a thing, I'm not entirely sure I'd be surprised if there are more tools to handle files in the future. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file