AppConnect for iOS overview
AppConnect for iOS apps are either:
- built using the AppConnect for iOS SDK
- wrapped
AppConnect functionality on iOS devices is provided by the AppConnect app and the Ivanti UEM client app for iOS.
- Go for Ivanti Neurons for MDM
- Mobile@Work for MobileIron Core
Component support and compatibility
For the supported versions of the various components in an AppConnect deployment, including the Ivanti UEM and Ivanti UEM client, see “Product versions required” in either
- the AppConnect for iOS SDK App Developers Guide
- the AppConnect for iOS App Wrapping Developers Guide
See the guide that corresponds to the version of AppConnect with which the app is built or wrapped.
Wrapping support for mobile development platforms
Many iOS apps are created using mobile development platforms, rather than using the Apple environment that targets only iOS devices. You can wrap iOS apps that were created using these mobile development platforms:
- PhoneGap
- IBM Worklight
- Xamarin
Data loss prevention for secure apps for iOS
You determine whether an app can use the iOS pasteboard, the document interaction feature (Open In,
Data encryption for secure apps for iOS
The following describe the data encryption for secure apps for iOS:
AppConnect-related data
AppConnect-related data, such as app configurations and certificates, is encrypted on the device. The encryption key is not stored on the device. It is either:
- Protected by the device user’s AppConnect passcode.
- Protected by the device passcode if the administrator does not require an AppConnect passcode.
- Protected by the device passcode if the device user uses Touch ID / Face ID with fallback to device passcode to access AppConnect apps.
- Protected by the AppConnect passcode if the device user uses Touch ID / Face ID with fallback to AppConnect passcode to access AppConnect apps.
If no AppConnect passcode or device passcode exists, the data is encrypted, but the encryption key is not protected by either passcode.
App-specific data
Data that the app saves on the device is also protected with encryption. Specifically:
- For a wrapped app, if the device has a device passcode, then iOS encrypts the app’s data.
If no device passcode exists, iOS encrypts the data, but the encryption key is not protected. - For an app built with the SDK or Cordova Plugin, if the app enables iOS data protection on its files, and the device has a device passcode, then iOS encrypts the app’s data. Most apps enable iOS data protection, which is default app behavior.
If no device passcode exists, iOS encrypts the data, but the encryption key is not protected. -
Some SDK apps use SDK-provided secure services. For these apps, the app’s data is encrypted if the device has a device passcode or an AppConnect passcode.
If no device passcode or AppConnect passcode exists, iOS encrypts the data, but the encryption key is not protected.SDK apps that use SDK-provided secure services can also share encrypted data with other SDK apps. To do this, the app’s documentation provides an encryption group ID key for you to include in the app’s app-specific configuration. If you include the same value for an encryption group ID key for another AppConnect app, the apps can share the encrypted data.
Contact the app developer or vendor to determine whether the app enables iOS data protection, and whether SDK apps use the SDK-provided secure file I/O. This information contributes to your decisions to require an AppConnect passcode and device passcode.
The following table summarizes the protection of the data that AppConnect apps save on the device. Note that if a device user uses Touch ID or Face ID to access AppConnect apps, a device passcode is available.
|
Device passcode but no AppConnect passcode |
AppConnect passcode but no device passcode |
Device passcode and AppConnect passcode |
Neither a device passcode or AppConnect passcode |
Wrapped apps |
App data encrypted |
iOS encrypts the data, but the encryption key is not protected. |
App data encrypted |
iOS encrypts the data, but the encryption key is not protected. |
SDK and Cordova apps that enable iOS data protection (typical behavior) |
App data encrypted |
iOS encrypts the data, but the encryption key is not protected. |
App data encrypted
|
iOS encrypts the data, but the encryption key is not protected. |
SDK apps that use SDK-provided secure services |
App data encrypted |
App data encrypted |
App data encrypted |
iOS encrypts the data, but the encryption key is not protected. |