About allowing a secure app to ignore the auto-lock time
You can specify that a particular secure app is allowed to ignore the auto-lock time.
The auto-lock time specifies the length of a period of inactivity. After this period of inactivity, the device user is prompted to reenter his secure apps passcode to continue accessing secure apps.You configure the auto-lock time:
- MobileIron Core deployments: on the AppConnect global policy.
For some apps, staying on a screen is critical. For example, in a navigation app, the device user taps the screen only infrequently, but the screen must continue displaying. Therefore, the app is designed to ignore the Android screen timeout setting, which turns off the screen after a period of time.
Such apps also require that when the auto-lock time expires, the app’s screen continues displaying. The normal behavior of having the Secure Apps Manager prompt for the secure apps passcode is not compatible with the app’s functionality.
By allowing an app to ignore the auto-lock time for these critical screens, you improve the app’s user experience. The app’s critical screens are not interrupted by prompting the user to reenter his secure apps passcode.
You specify that a secure app is allowed to ignore the configured auto-lock time by adding the following key-value pair in the app’s AppConnect app configuration:
- Key: AC_IGNORE_AUTO_LOCK_ALLOWED
- Value: true.
App requirements to ignore the auto-lock time
Only apps that use particular Android APIs to keep a screen active can ignore the auto-lock time. The app developer or app vendor will inform you if this feature is possible and important for the app.
NOTE: | Most apps do not need to, and should not, ignore the auto-lock time. Even if an app developer requests that you allow the app to ignore the auto-lock time, the choice to do so is yours. Your choice depends on whether your requirements for forcing the user to reenter the secure apps passcode outweigh your requirements for the app to have an uninterrupted screen. |
What the device user sees when an app ignores the auto-lock time
Critical screens of the app are not interrupted by prompting the user to reenter his secure apps passcode.
Although the critical screen is not interrupted, note that the secure apps container is still locked when the auto-lock time expires.
For example, consider these scenarios:
-
The device user leaves the app by selecting the Home button.
If the auto-lock time had expired while the app was displayed, the device user is prompted for the secure apps passcode when he relaunches the app or any other secure app.
-
The device user changes from an app screen that requires continuous display to another app screen that does not require it.
If the auto-lock time had expired while the first screen was displayed, the device user is prompted for the secure apps passcode when he changes screens.