MobileIron AppConnect 9.0.0.0 for Android App Developers Guide| 18
AppConnect apps:
l
encrypt their application data.
Application data on the device is encrypted using AES-256 encryption. The encryption key is not stored on
the device. It is programmatically derived, in part from the device user’s AppConnect passcode. Therefore,
the application data is secure even on a device that becomes compromised.For hybrid web apps, data
related to the android.webkit package’s WebView class is encrypted. This web-related data can include
cookies, the web cache, and web databases.
NOTE: File names are not encrypted.
l use only containerized data.
AppConnect apps can share data only with other AppConnect apps. Unsecured apps cannot access the
data. Data in the secure container stays in the secure container.
Exceptions are described in Accessible Apps to preserve the user experience.
l enforce data loss prevention.
The server administrator determines the data loss prevention policies for an app. For example, these
policies include whether an app allows screen capture, copy/paste interaction with other apps, and access
to the camera, gallery, or media player. The AppConnect app’s wrapper enforces the policies.
l can tunnel network connections to servers behind an enterprise’s firewall.
This capability means that device users do not have to separately set up VPN access on their devices to
use the app.
l can send a certificate to identify and authenticate the app user to an enterprise server.
Depending on the enterprise server implementation, this authentication occurs without interaction from the
device user beyond entering the AppConnect passcode. That is, the device user does not need to enter a
user name and password to log into enterprise services. Therefore, this feature provides a higher level of
security and an improved user experience.
This feature is not available with MobileIron Cloud.
l can receive app-specific configuration information from the MobileIron server.
This capability requires some additional app development. It means that device users do not have to
manually enter configuration details that the app requires. Furthermore, for security reasons, some apps do
not want to allow the device users to provide certain configuration settings at all. By automating the
configuration process for the device users, each user has a better experience when installing and setting
up apps. Also, the enterprise has fewer support calls, and the app is secured from misuse due to
configuration.
l provide anti phishing protection.
If anti-phishing is enabled in the UEM using Mobile Threat defense and users have enabled anti-phishing
on their device, when users tap on a URL in their AppConnect app, anti-phishing protection is triggered.
However, entering a URL directly into a browser or tapping a web link in a browser does not trigger anti-
phishing support. For information about Mobile Threat Defense, see the MobileIron Threat Defense
Solution Guide for your UEM.
Accessible Apps to preserve the user experience
AppConnect apps can share data only with other AppConnect apps.
However, some exceptions exist to this rule to:
Accessible Apps to preserve the user experience