Test data loss prevention policy handling
The AppConnect container policy for your app specifies its data loss prevention (DLP) policies. In this policy, you specify whether your app is allowed to:
•copy content to the iOS pasteboard.
•drag and drop content to other apps
•print by using AirPrint, any future iOS printing feature, any current or future third-party libraries or apps that provide printing capabilities.
•share documents with other apps.
By changing the AppConnect container policy, you can test:
•your app’s behavior for each data loss prevention policy.
•how your app handles changes to the policies in the notification callback methods in the AppDelegateProtocol.
To change the DLP policies:
1. | In the Admin Portal, select Policies & Configs > Configurations. |
2. | Select the AppConnect container policy for your app. |
3. | Click Edit in the right-hand pane. |
4. | Allow or prohibit features relating to data loss prevention policies as follows: |
DLP policy |
Description |
Allow Print |
Select Allow Print if you want the app to use the device’s print capabilities. |
Allow Copy/Paste To |
Select Allow Copy/Paste To if you want the device user to be able to copy content from the AppConnect app to other apps. When you select this option, then select either: •All Apps Select All Apps if you want the device user to be able to copy content from the AppConnect app and paste it into any other app. •AppConnect Apps Select AppConnect Apps if you want the device user to be able to copy content from the AppConnect app and paste it into only other AppConnect apps. |
Allow Drag and Drop |
Select Allow Drag and Drop if you want the device user to be able to drag content from the AppConnect app to other apps. When you select this option, then select either: •All Apps Select All Apps if you want the device user to be able to drag content from the AppConnect app to any other app. •AppConnect Apps Select AppConnect Apps if you want the device user to be able to drag content from the AppConnect app to only other AppConnect apps. |
Allow Open In |
Select Allow Open In if you want the app to be allowed to use the device’s Open In (document interaction) feature. When you select this option, then select either: •All Apps Select All Apps if you want the app to be able to send documents to any other app. •AppConnect Apps Select AppConnect Apps to allow an AppConnect app to send documents to only other AppConnect apps. This option results in the openInPolicy property having the value ACOPENINPOICY_WHITELIST. Also, the openInWhitelist property contains the list of currently authorized AppConnect apps. •Whitelist Select Whitelist if you want the app to be able to send documents only to the apps that you specify. Enter the bundle ID of each app, one per line, or in a semicolon delimited list. For example: com.myAppCo.myApp1 com.myAppCo.myApp2;com.myAppCo.myApp3 The bundle IDs that you enter are case sensitive. |
5. | Click Save. |
6. | Click Yes to confirm. |
Push the change to your device immediately, by doing the following steps on the device:
1. | Launch Mobile@Work. |
2. | Tap Settings. |
3. | Tap Check for Updates. |
4. | Tap Force Device Check-in. |
If your app is running, it receives the notifications for the updated DLP policies. Otherwise, it receives the notifications the next time it runs.
Verify that your app correctly handles the data loss prevention policy changes, as shown in the following table:
Policy change |
What to verify |
Allow copy/paste to for all apps |
•Verify that the user can cut or copy text, images, or other data to the pasteboard. •Where appropriate, verify that any special user interface that offers the ability to cut or copy data is available and enabled. Also, verify that your app calls the -pasteboardPolicyApplied:message: method. |
Allow copy/paste to for AppConnect Apps only |
•Verify that the user can cut or copy text, images, or other data to the pasteboard. •Where appropriate, verify that any special user interface that offers the ability to cut or copy data is available and enabled. •Verify that the user can paste the data from the pasteboard only into other AppConnect apps. Also, verify that your app calls the -pasteboardPolicyApplied:message: method. |
Do not allow copy/paste to |
•Verify that the user cannot to cut or copy text, images, or other data to the pasteboard. •Where appropriate, verify that any special user interface that offers the ability to cut or copy data is removed or disabled. •Verify your implementation of the callback method Also, verify that your app calls the -pasteboardPolicyApplied:message: method. |
Allow drag and drop to only AppConnect apps |
Verify your implementation of the callback method |
Allow open in for all apps |
Verify that your app enables user interfaces, if any, that give the user the option to use Open In. Also, verify that your app calls the -openInPolicyApplied:message: method. |
Allow open in for AppConnect apps |
Verify that: •your app enables user interfaces, if any, that give the user the option to use Open In. •your app calls the -openInPolicyApplied:message: method. •the -appConnect:openInAttemptedWhenACOpenInPolicyBlocked: callback method, if implemented, behaves as you expect. |
Allow open in for whitelisted apps |
Verify that: •your app enables user interfaces, if any, that give the user the option to use Open In. •your app calls the -openInPolicyApplied:message: method. •the -appConnect:openInAttemptedWhenACOpenInPolicyBlocked: callback method, if implemented, behaves as you expect. |
Do not allow open in |
Verify that: •your app disables user interfaces, if any, that give the user the option to use Open In. •your app calls the -openInPolicyApplied:message: method. •the -appConnect:openInAttemptedWhenACOpenInPolicyBlocked: callback method, if implemented, behaves as you expect. |
Allow print |
For each part of your app that allows the user to print secure data, verify the capability is enabled. Also, verify that your app calls the -printPolicyApplied:message: method. |
Do not allow print |
For each part of your app that allows the user to print secure data, verify the capability is removed or disabled. Also, verify that your app calls the -printPolicyApplied:message: method. |