AppConnect 4.0 for iOS Cordova Plugin revision history
New features
•Drag and Drop data loss prevention policy support
•Native email control using the Open In DLP policy
•App extension control using the Open In DLP policy
•Custom keyboard use controlled by MobileIron server
•Requirement for Face ID usage Info.plist entry
•Support for sending AppConnect logs from Mobile@Work
•Automatic policy status updates sent to MobileIron server
•Support for storing AppConnect library encryption keys in the Secure Enclave
iOS 8 no longer supported
AppConnect 4.0 for iOS is not supported on iOS 8 devices.
See Product versions required .
Drag and Drop data loss prevention policy support
MobileIron server administrators can set a drag and drop policy for each AppConnect app. It specifies whether AppConnect apps can drag content to all other apps, to only other AppConnect apps, or not at all. The AppConnect library enforces this policy. Your app provides no code to support the drag and drop policy.
This feature is not supported with MobileIron Cloud.
See Data loss prevention policies.
Native email control using the Open In DLP policy
The Open In Data Loss Prevention policy now includes controlling whether an app can share documents with the native iOS mail app. Opening a document with the native iOS mail app is allowed only if one of the following is true:
•Open In is allowed for all apps
•Open In is allowed for only whitelisted apps, and the native iOS mail app is in the whitelist. The whitelist must contain both of these bundle IDs: com.apple.UIKit.activity.Mail and com.apple.mobilemail.
App extension control using the Open In DLP policy
The Open in data loss protection policy now includes restricting access to the iOS extensions that apps provide. Specifically:
|
Open In DLP for host app (the app using the extension) |
Extension behavior |
|
All apps allowed |
The host app can use any app’s extension for Open In. |
|
Only AppConnect apps allowed |
The host app can use only extensions provided by AppConnect apps for Open In. |
|
Whitelist |
The host app can use only extensions of apps in the whitelist for Open In. |
Custom keyboard use controlled by MobileIron server
The MobileIron server can now control custom keyboard use by your AppConnect app. If the administrator does not configure this choice, your app can choose to reject custom keyboard use.
Screen blurring
AppConnect 4.0 for iOS adds support for blurring screens when the app becomes inactive. If your app provided its own screen blurring, remove that code. By using the AppConnect library’s screen blurring capability, all AppConnect apps behave consistently.
To enable screen blurring, add the key MI_AC_PROVIDE_SCREEN_BLUR to your app’s Info.plist as a Boolean. Set the value to YES.
When you set the Info.plist key MI_AC_PROVIDE_SCREEN_BLUR to YES, the MobileIron server administrators can disable screen blurring by setting a key-value pair on the server for your app’s configuration. The server key is MI_AC_ENABLE_SCREEN_BLURRING with the value false.
Requirement for Face ID usage Info.plist entry
Include Privacy - Face ID Usage Description to your app’s info.plist, with a string value indicating the purpose of Face ID use. For example, add the value AppConnect. If you manually add this key, its name is NSFaceIDUsageDescription.
Server administrators can allow the use of Touch ID or Face ID instead of an AppConnect passcode. Therefore, this Info.plist entry is required on iOS 11 through the latest supported version.
See Allow Face ID.
Support for sending AppConnect logs from Mobile@Work
AppConnect apps using AppConnect 4.0 for iOS support the feature in Mobile@Work for iOS that sends AppConnect logs to an email address of your choice, such as a company’s helpdesk. This feature requires Mobile@Work 9.8 for iOS through the latest supported version.
Mobile@Work displays the option to send logs on the app’s status details screen, available in Mobile@Work at Settings > Secure Apps > <app name>. The option is at the bottom of the screen with this text: Send <app name> Logs.
The option is displayed only for apps using AppConnect 4.0 for iOS. However, the displayed option is disabled if the app’s AppConnect authorization status is not authorized.
When the option is displayed and enabled, tapping it brings up the list of apps able to share the log files, such as email apps, if you included the following key-value pair for the app in its AppConnect app configuration:
•MI_AC_ENABLE_LOGGING_TO_FILE set to Yes
Automatic policy status updates sent to MobileIron server
The AppConnect library now automatically sends a status update to the MobileIron server when it receives the following changes:
|
Change |
Status update that AppConnect library sends to MobileIron server |
|
Open In policy |
Informs server that the policy change has been applied. |
|
Pasteboard policy |
Informs server that the policy change has been applied. |
|
Print policy |
Informs server that the policy change has been passed to the app. |
|
Configuration values |
Informs server that the configuration change has been passed to the app. |
|
Authentication status |
Informs server that the authentication change has been passed to the app. |
This change has no impact on your app’s implementation. Your app should continue to always call the appropriate notification acknowledgment method:
Support for storing AppConnect library encryption keys in the Secure Enclave
For heightened security of the encryption keys that the AppConnect library uses, a MobileIron server administrator can now specify that the keys are stored in the Apple hardware known as the Secure Enclave. By using the Secure Enclave, the encryption key’s attack surface is reduced, because the keys are stored in the Secure Enclave rather than in memory. The MobileIron server administrator uses the key named MI_AC_CONTAINER_TYPE with the value ENCLAVE in the app’s app configuration. The AppConnect library consumes this key. It is not passed to your app in Its configuration key-value pairs.
To benefit from this feature, the device must:
•have Apple’s Secure Enclave hardware.
Devices that have biometric security have Secure Enclave hardware.
•be running iOS 11 through the latest supported version
•be running Mobile@Work 9.8 for iOS through the latest supported version
Go does not support this feature.
Resolved issues
•AP-4446: Fixed an issue where the authStateChangeTo event was not called when using the AppConnect Cordova Plugin.
•AP-4202: Custom protocol classes set to NSURLSessionConfiguration were previously ignored in AppConnect apps. This issue has been fixed.
•AP-4133: Added ability to use NSURLConnection with NSURLSession networking with AppTunnel.
Known issues
•AP-4657: The "unauthorized message" screen is blurred. It continues to be blurred until the next time the app switches to the MobileIron client app. After the next AppConnect checkin, the screen is no longer blurred.
Limitations
•AP-4720: On some devices, screen blurring does not occur when going to the Task Switcher.