Los Angeles has purchased 640,000 iPads for distribution to students in 47 campuses by the end of 2014. But just a week into the program the roll out may be halted while security concerns are addressed.
Students at Theodore Roosevelt High School have worked out how to remove MDM management profiles from their iPads removing security restrictions put in place by administrators. Once the profile is removed the student is left with a completely unrestricted iPad preventing administrators from being able to manage or track the device.
In a leaked memo, LA Unified School District Police Chief Steven Zipperman said, “I want to prevent a ‘runaway train’ scenario when we may have the ability to put a hold on the roll-out.”
Only a couple of weeks ago ClassThink highlighted exactly this problem for schools. iPad users are able to remove MDM management profiles without restriction. Once done apps and settings pushed out by the school are removed and the student is left with an unrestricted device capable of installing any software or accessing any content they wish.
Students can only be incentivised, not prevented, from removing management profiles which apply settings such as content filtering, web proxy settings, geolocation information, and school provided apps. Where a school has a trolley of 30 devices this problem may not become an issue, but when you are looking at more than half a million devices the scale simply makes iPad unmanageable and insecure.
An employee of a business has an incentive — job security — not to deliberately tamper with iPad management profiles. A student has no such incentive and it should be expected that just this sort of experimentation will happen. It only takes a second to remove an iPad management profile or factory reset a device. With no way to restrict students accessing these core features it makes scaling iPads incredible difficult or impossible.
Whether these issues were released before the roll out started isn’t known, but this is a problem every school using iPads faces.