Copy/Paste for AppConnect for Android
You configure the copy/paste DLP policy for AppConnect for Android in the AppConnect Device configuration on Ivanti Neurons for MDM or in the AppConnect global policy on MobileIron Core. You can choose no restrictions for copy/paste, copy/paste only among AppConnect apps, or copy/paste only within each AppConnect app.
Each row of the following table summarizes whether copy/paste is allowed for a set of apps depending on the copy/paste setting:
|
|
Copy/Paste setting in AppConnect global policy |
||
|
No restrictions
|
Among AppConnect apps |
Within an AppConnect app
|
|
|
Between an AppConnect app and an unsecured app |
Allowed |
Not allowed |
Not allowed |
|
Between different AppConnect apps |
Allowed |
Allowed |
Not allowed |
|
Within each AppConnect app |
Allowed |
Allowed |
Allowed |
|
Between different unsecured apps |
Allowed |
Allowed |
Allowed |
|
Within each unsecured app |
Allowed |
Allowed |
Allowed |
Comparison with AppConnect for iOS copy/paste policy
The copy/paste policy behavior differs between AppConnect for Android and iOS. The following table highlights some differences.
|
|
AppConnect for Android |
AppConnect for iOS |
|---|---|---|
|
Symmetrical versus one-way |
Copy/paste restrictions are symmetrical. For example, if you restrict copy/paste to among AppConnect apps, you cannot copy out of an AppConnect app into a unsecured app, and you cannot copy out of an unsecured app into an AppConnect app. |
Copy/paste restrictions are one-way. The iOS Copy/Paste To DLP setting prohibits copying out of an AppConnect app, or prohibits copying out of an AppConnect app into an unsecured app. However, you can copy from an unsecured app into an AppConnect app. |
|
Restriction levels |
The copy/paste policy provides these restriction levels:
|
The iOS Copy/Paste To DLP setting provides these restriction levels:
|
|
Default setting in AppConnect global policy |
The default copy/paste option is no restrictions. This behavior is consistent with the behavior of your AppConnect for Android installed base. |
The default option is to not allow the user to copy data from AppConnect apps. |
Copying from non-AppConnect apps to AppConnect apps
When the Copy/Paste DLP setting is either Among AppConnect Apps or Within an AppConnect app, you can also allow device users to copy data from a non-AppConnect app to an AppConnect app. That is, the device user can copy data into the AppConnect container, but cannot copy data out of the container.
To allow users to copy data from a non-AppConnect app to an AppConnect app, add the following key-value pair
- Key: MI_ALLOW_SECURE_COPY_INBOUND
- Value: true
You add the key-value pair:
- For MobileIron Core deployments, on the AppConnect app configuration for Secure Apps Manager.
Interaction with Exchange setting
The Exchange setting for a device has a copy/paste option for Email+ for Android. This option allows or disables the use of copy/paste commands in these apps. The option applies to both the AppConnect-enabled version and the unsecured version of these apps.
If the Exchange setting disables copy/paste commands, then no copy/paste use is possible in these apps. In this case, the copy/paste DLP setting in the AppConnect global policy has no impact on these apps.
If the Exchange setting allows copy/paste commands, the copy/paste DLP setting in the AppConnect global policy determines the extent of copy/paste use in these apps, just as it does with other apps.
The following table summarizes the copy/paste behavior Email+, depending on the Exchange setting and the AppConnect global policy setting:
|
|
Copy/Paste DLP setting on AppConnect global policy |
||
|
No restrictions
|
Among AppConnect apps
|
Within an AppConnect app
|
|
|
Exchange setting disables copy/paste |
Not allowed for Email+. |
Not allowed for Email+. |
Not allowed for sEmail+. |
|
Exchange setting allows copy/paste
|
AllowedEmail+. |
Allowed among AppConnect apps and Email+ Allowed among unsecured apps and Email+ |
Allowed within Email+ Allowed among unsecured appsand Email+ |