Test data loss prevention policy handling

The AppConnect container policy for your app specifies its data loss prevention (DLP) policies. In this policy, you specify whether your app is allowed to:

- copy content to the iOS pasteboard.
- drag and drop content to other apps.
- print by using AirPrint, any future iOS printing feature, or any current or future third-party libraries or apps that provide printing capabilities.
- share documents with other apps.

By changing the AppConnect container policy, you can test:

- your app’s behavior for each data loss prevention policy.
- how your app handles changes to the policies in the notification callback methods in the AppDelegateProtocol.

To change the DLP policies:

1. In the Admin Portal, select Policies & Configs > Configurations.
2. Select the AppConnect container policy for your app.
3. Click Edit in the right-hand pane.
4. Allow or prohibit features relating to data loss prevention policies as follows:

Table 50. DLP policy descriptions

| DLP policy | Description |
|---|---|
| Allow Print | Select Allow Print if you want the app to use the device’s print capabilities. |
| Allow Copy/Paste to | Select Allow Copy/Paste to if you want the device user to be able to copy content from the AppConnect app to other apps. When you select this option, then select either:<br>All Apps: Select All Apps if you want the device user to be able to copy content from the AppConnect app and paste it into any other app.<br>AppConnect Apps: Select AppConnect Apps if you want the device user to be able to copy content from the AppConnect app and paste it into only other AppConnect apps. |
| Allow Drag and Drop | Select Allow Drag and Drop if you want the device user to be able to drag content from the AppConnect app to other apps. When you select this option, then select either:<br>All Apps: Select All Apps if you want the device user to be able to drag content from the AppConnect app to any other app.<br>AppConnect Apps: Select AppConnect Apps if you want the device user to be able to drag content from the AppConnect app to only other AppConnect apps. |
| Allow Open In | Select Allow Open In if you want the app to be allowed to use the device’s Open In (document interaction) feature. When you select this option, then select either:<br>All Apps: Select All Apps if you want the app to be able to send documents to any other app.<br>AppConnect Apps: Select AppConnect Apps to allow an AppConnect app to send documents to only other AppConnect apps. This option results in the openInPolicy property having the value ACOPENINPOLICY_WHITELIST. Also, the openInWhitelist property contains the list of currently authorized AppConnect apps.<br>Whitelist: Select Whitelist if you want the app to be able to send documents only to the apps that you specify. Enter the bundle ID of each app, one per line, or in a semicolon delimited list. For example:<br>com.myAppCo.myApp1<br>com.myAppCo.myApp2;com.myAppCo.myApp3<br>The bundle IDs that you enter are case sensitive. |

5. Click Save.
6. Click Yes to confirm.

To push the change to your device immediately, do the following steps on the device:

1. Launch Mobile@Work.
2. Tap Settings.
3. Tap Check for Updates.
4. Tap Force Device Check-in.

If your app is running, it receives the notifications for the updated DLP policies. Otherwise, it receives the notifications the next time it runs.
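A pre-test check for the Whitelist option of Allow Open In, as an added example that is not part of the original page or the AppConnect SDK: it parses whitelist text in the format described in step 4 and reports the Open In outcome to expect for each target app, flagging bundle IDs that differ from an entry only in case. The function names are hypothetical, and trimming whitespace and ignoring empty entries are assumptions about how the Admin Portal treats the input.

```python
import re

# Characters Apple permits in a bundle ID: alphanumerics, hyphens and periods.
BUNDLE_ID_RE = re.compile(r"[A-Za-z0-9.-]+")

def parse_whitelist(entry_text):
    """Split the whitelist text into bundle IDs: one per line or ';'-delimited."""
    ids = []
    for item in re.split(r"[;\r\n]+", entry_text):
        item = item.strip()  # assumption: surrounding whitespace is not significant
        if item and item not in ids:  # drop empty entries and duplicates, keep order
            ids.append(item)
    return ids

def malformed_entries(whitelist):
    """Entries that cannot be bundle IDs, e.g. two IDs joined by a comma."""
    return [w for w in whitelist if not BUNDLE_ID_RE.fullmatch(w)]

def expected_open_in(target_bundle_id, whitelist):
    """Return (outcome, note) a tester should expect for one target app."""
    if target_bundle_id in whitelist:  # exact match: bundle IDs are case sensitive
        return ("allowed", None)
    by_folded = {w.lower(): w for w in whitelist}
    near = by_folded.get(target_bundle_id.lower())
    if near is not None:  # same ID apart from letter case: likely a typing error
        return ("blocked", "case differs from whitelist entry " + near)
    return ("blocked", None)

# Constructed sample: the whitelist text from the example above, plus test targets.
SAMPLE_ENTRY = "com.myAppCo.myApp1\ncom.myAppCo.myApp2;com.myAppCo.myApp3\n"
SAMPLE_TARGETS = ["com.myAppCo.myApp2", "com.myappco.myapp3", "com.example.other"]

if __name__ == "__main__":
    wl = parse_whitelist(SAMPLE_ENTRY)
    print("malformed:", malformed_entries(wl))
    for target in SAMPLE_TARGETS:
        print(target, expected_open_in(target, wl))
```

Run it against the text you entered for the Whitelist option and the bundle IDs of the apps you plan to test with, then compare the expected outcomes with what the device does.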

Verify that your app correctly handles the data loss prevention policy changes, as shown in the following table:

 

Table 51. What to verify when a DLP policy changes

| Policy change | What to verify |
|---|---|
| Allow copy/paste to | Verify that the user can cut or copy text, images, or other data to the pasteboard. Where appropriate, verify that any special user interface that offers the ability to cut or copy data is available and enabled. Also, verify that your app calls the -pasteboardPolicyApplied:message: method. |
| Allow copy/paste to for AppConnect Apps only | Verify that the user can cut or copy text, images, or other data to the pasteboard. Where appropriate, verify that any special user interface that offers the ability to cut or copy data is available and enabled. Verify that the user can paste the data from the pasteboard only into other AppConnect apps. Also, verify that your app calls the -pasteboardPolicyApplied:message: method. |
| Do not allow copy/paste to | Verify that the user cannot cut or copy text, images, or other data to the pasteboard. Where appropriate, verify that any special user interface that offers the ability to cut or copy data is removed or disabled. Verify your implementation of the callback method -appConnect:copyAttemptedWhenUnauthorized:. Also, verify that your app calls the -pasteboardPolicyApplied:message: method. |
| Allow drag and drop to only AppConnect apps | Verify your implementation of the callback method -appConnectAttemptedDragAndDropToUnauthorizedApp:. |
| Allow open in for all apps | Verify that your app enables user interfaces, if any, that give the user the option to use Open In. Also, verify that your app calls the -openInPolicyApplied:message: method. |
| Allow open in for AppConnect apps | Verify that:<br>- your app enables user interfaces, if any, that give the user the option to use Open In.<br>- your app calls the -openInPolicyApplied:message: method.<br>- the -appConnect:openInAttemptedWhenACOpenInPolicyBlocked: callback method, if implemented, behaves as you expect. |
| Allow open in for whitelisted apps | Verify that:<br>- your app enables user interfaces, if any, that give the user the option to use Open In.<br>- your app calls the -openInPolicyApplied:message: method.<br>- the -appConnect:openInAttemptedWhenACOpenInPolicyBlocked: callback method, if implemented, behaves as you expect. |
| Do not allow open in | Verify that:<br>- your app disables user interfaces, if any, that give the user the option to use Open In.<br>- your app calls the -openInPolicyApplied:message: method.<br>- the -appConnect:openInAttemptedWhenACOpenInPolicyBlocked: callback method, if implemented, behaves as you expect. |
| Allow print | For each part of your app that allows the user to print secure data, verify the capability is enabled. Also, verify that your app calls the -printPolicyApplied:message: method. |
| Do not allow print | For each part of your app that allows the user to print secure data, verify the capability is removed or disabled. Also, verify that your app calls the -printPolicyApplied:message: method. |