AppConnect for iOS overview

AppConnect for iOS apps are either:

  • built using the AppConnect for iOS SDK
  • wrapped

AppConnect functionality on iOS devices is provided by the AppConnect app and the Ivanti UEM client app for iOS. Unlike AppConnect for Android, AppConnect for iOS has no separate Secure Apps.

Component support and compatibility

For the supported versions of the various components in an AppConnect deployment, including the Ivanti UEM and Ivanti UEM client, see “Product versions required” in either

  • the AppConnect for iOS SDK App Developers Guide
  • the AppConnect for iOS App Wrapping Developers Guide

See the guide that corresponds to the version of AppConnect with which the app is built or wrapped.

Wrapping support for mobile development platforms

Many iOS apps are created using mobile development platforms, rather than using the Apple environment that targets only iOS devices. You can wrap iOS apps that were created using these mobile development platforms:

  • PhoneGap
  • IBM Worklight
  • Xamarin

Data loss prevention for secure apps for iOS

You determine whether an app can use the iOS pasteboard, the document interaction feature (Open In, Open From), drag and drop, copy-paste or print. AppConnect for iOS uses this information to limit the app’s functionality to prevent data loss through these features.

Data encryption for secure apps for iOS

The following describe the data encryption for secure apps for iOS:

AppConnect-related data

AppConnect-related data, such as app configurations and certificates, is encrypted on the device. The encryption key is not stored on the device. It is either:

  • Protected by the device user’s AppConnect passcode.
  • Protected by the device passcode if the administrator does not require an AppConnect passcode.
  • Protected by the device passcode if the device user uses Touch ID / Face ID with fallback to device passcode to access AppConnect apps.
  • Protected by the AppConnect passcode if the device user uses Touch ID / Face ID with fallback to AppConnect passcode to access AppConnect apps.

If no AppConnect passcode or device passcode exists, the data is encrypted, but the encryption key is not protected by either passcode.

App-specific data

Data that the app saves on the device is also protected with encryption. Specifically:

  • For a wrapped app, if the device has a device passcode, then iOS encrypts the app’s data.
    If no device passcode exists, iOS encrypts the data, but the encryption key is not protected.
  • For an app built with the SDK or Cordova Plugin, if the app enables iOS data protection on its files, and the device has a device passcode, then iOS encrypts the app’s data. Most apps enable iOS data protection, which is default app behavior.
    If no device passcode exists, iOS encrypts the data, but the encryption key is not protected.
  • Some SDK apps use SDK-provided secure services. For these apps, the app’s data is encrypted if the device has a device passcode or an AppConnect passcode.
    If no device passcode or AppConnect passcode exists, iOS encrypts the data, but the encryption key is not protected.

    SDK apps that use SDK-provided secure services can also share encrypted data with other SDK apps. To do this, the app’s documentation provides an encryption group ID key for you to include in the app’s app-specific configuration. If you include the same value for an encryption group ID key for another AppConnect app, the apps can share the encrypted data.

Contact the app developer or vendor to determine whether the app enables iOS data protection, and whether SDK apps use the SDK-provided secure file I/O. This information contributes to your decisions to require an AppConnect passcode and device passcode.

The following table summarizes the protection of the data that AppConnect apps save on the device. Note that if a device user uses Touch ID or Face ID to access AppConnect apps, a device passcode is available.

Table 2.   Encryption of AppConnect app data on the device

 

Device passcode but no AppConnect passcode

AppConnect passcode but no device passcode

Device passcode and AppConnect passcode

Neither a device passcode or AppConnect passcode

Wrapped apps

App data encrypted

iOS encrypts the data, but the encryption key is not protected.

App data encrypted

iOS encrypts the data, but the encryption key is not protected.

SDK and Cordova apps that enable iOS data protection (typical behavior)

App data encrypted

iOS encrypts the data, but the encryption key is not protected.

App data encrypted

 

iOS encrypts the data, but the encryption key is not protected.

SDK apps that use SDK-provided secure services

App data encrypted

App data encrypted

App data encrypted

iOS encrypts the data, but the encryption key is not protected.