
Security & privacy

Enterprise-grade device protection, designed so the device is secured but your content stays private.

By Yisrael Schneider, Manager

The architecture

The Kosher iPhone is built on Apple's **Mobile Device Management (MDM) with Supervised Mode** — the same stack deployed on every Fortune 500 employee iPhone, every federally-issued government device, and every K-12 school iPad fleet.

MDM provides two things: a **policy layer** on the device (what apps are allowed, what restrictions apply) and a **communication channel** between our management server and the device. The policy layer is enforced at the iOS level — below the user. The communication channel is authenticated, encrypted (TLS 1.3), and bidirectional.

Supervised Mode, engaged via Apple's DEP (Device Enrollment Program) on first boot, unlocks the full enterprise restriction set. Without supervision, only a subset of MDM policies apply. With supervision, restrictions are comprehensive, cannot be removed by the user, and survive factory resets.

What we can see

Our management console shows, for each enrolled device:

- **Enrollment status** — is the device online and checking in?
- **iOS version** — are you on an approved iOS build?
- **Installed apps** — what's on the whitelist we pushed?
- **Compliance health** — has the device attempted to install an unauthorized profile or jailbreak?
- **Location** — only if the device is reported lost and we engage Find-My (otherwise, location is not collected).

That's the operational surface. It's what we need to do our job.

What we cannot see

Apple's MDM protocol explicitly does not expose:

- **Messages** (iMessage, SMS) — content never leaves the device's Secure Enclave.
- **Calls** — audio, logs, duration, contacts called. None visible to MDM.
- **Photos** — contents not readable by MDM; photo metadata not available.
- **Email content** — Mail app data not exposed.
- **Browsing history** — there's no browser anyway, but if there were, MDM couldn't see the history.
- **Location tracking** — GPS coordinates are not continuously reported to our server.

MDM is a policy system. It is not surveillance. Apple designed it specifically so enterprises can enforce security without seeing employees' private content, and that design serves frum families equally well.

Our security posture

**Management server**: hosted on dedicated infrastructure, encrypted at rest, accessed only via multi-factor authentication for our operations team.

**API security**: MDM commands are signed by our server certificate. Apple's APNs (Apple Push Notification service) verifies signatures before relaying to the device — ensuring only our authenticated server can push commands to your enrolled device.

**Data minimization**: we collect the minimum data required to operate the service. We do not sell, share, or analyze your data. No analytics. No data-broker relationships.

**Incident response**: if we detect unusual activity on your device (unauthorized profile install attempt, jailbreak indicators), we notify you within hours. If our own infrastructure is compromised, we have a 24-hour breach notification commitment.

Compliance

Our management stack is aligned with industry standards. For institutional customers (schools, businesses, healthcare) we can provide additional compliance documentation on request — including SOC 2 posture, BAA templates for HIPAA-aligned deployments, and FERPA alignment for educational institutions.

Frequently Asked Questions

Can you read my iMessages?

No. Apple's MDM protocol does not expose message content. iMessage data is encrypted end-to-end and stored in the device's Secure Enclave — not accessible to MDM operators.

Do you track my location?

No, not by default. We only engage location services (via Apple's Find My) if you report the device lost and request tracking. Otherwise, we do not collect continuous location data.

If your server is compromised, what's exposed?

Our management console holds device configurations, enrollment tokens, and app whitelists — not user content. A full breach would expose those configurations, which is an inconvenience, not a privacy catastrophe. We would notify all affected customers within 24 hours.

Enterprise protection. Real privacy.

Your device is secured. Your life stays yours.
