Test data loss prevention policy handling

The AppConnect container policy for your app specifies its data loss prevention (DLP) policies. In this policy, you specify whether your app is allowed to:

copy content to the iOS pasteboard.

print by using AirPrint, any future iOS printing feature, any current or future third-party libraries or apps that provide printing capabilities.

share documents with other apps.

By changing the AppConnect container policy, you can test:

your app’s behavior for each data loss prevention policy.

how your app handles changes to the policies in its event handlers.

To change the DLP policies:

1. In the Core Admin Portal, select Policies & Configs > Configurations.
2. Select the AppConnect container policy for your app.
3. Click Edit in the right-hand pane.
4. Allow or prohibit features relating to data loss prevention policies as follows:

DLP policy

Description

Allow Print

Select Allow Print if you want the app to use the device’s print capabilities.

Allow Copy/Paste To

Select Allow Copy/Paste To if you want the device user to be able to copy content from the AppConnect app to other apps.

When you select this option, then select either:

  • All Apps

    Select All Apps if you want the device user to be able to copy content from the AppConnect app and paste it into any other app.

  • AppConnect Apps

    Select AppConnect Apps if you want the device user to be able to copy content from the AppConnect app and paste it into only other AppConnect apps.

Allow Open In

Select Allow Open In if you want the app to be allowed to use the device’s Open In (document interaction) feature.

When you select this option, then select either:

  • All Apps

    Select All Apps if you want the app to be able to send documents to any other app.

  • AppConnect Apps

    Select AppConnect Apps to allow an AppConnect app to send documents to only other AppConnect apps.

This option results in the AppConnectCordova.openInPolicy() method returning the value WHITELIST. Also, the AppConnectCordova.openInWhitelist() method contains the list of currently authorized AppConnect apps.

  • Whitelist

    Select Whitelist if you want the app to be able to send documents only to the apps that you specify.

    Enter the bundle ID of each app, one per line, or in a semicolon delimited list. For example:

    com.myAppCo.myApp1

    com.myAppCo.myApp2;com.myAppCo.myApp3

    The bundle IDs that you enter are case sensitive.
5. Click Save.
6. Click Yes to confirm.

Push the change to your device immediately, by doing the following steps on the device:

1. Launch Mobile@Work.
2. Tap Settings.
3. Tap Check for Updates.
4. Tap Force Device Check-in.

If your app is running, it receives the events for the updated DLP policies. Otherwise, it receives the events the next time it runs.

Verify that your app correctly handles the data loss prevention policy changes, as shown in the following table:

Policy change

What to verify

Allow copy/paste to

  • verify that the user can cut or copy text, images, or other data to the pasteboard.

  • where appropriate, verify that any special user interface that offers the ability to cut or copy data is available and enabled.

Also, verify that your app calls the AppConnectCordova.pasteboardPolicyApplied() method.

Allow copy/paste to for AppConnect Apps only

  • verify that the user can cut or copy text, images, or other data to the pasteboard.

  • where appropriate, verify that any special user interface that offers the ability to cut or copy data is available and enabled.

  • verify that the user can paste the data from the pasteboard only into other AppConnect apps.

Also, verify that your app calls the AppConnectCordova.pasteboardPolicyApplied() method.

Do not allow copy/paste to

  • verify that the user cannot to cut or copy text, images, or other data to the pasteboard.

  • where appropriate, verify that any special user interface that offers the ability to cut or copy data is removed or disabled.

Also, verify that your app calls the AppConnectCordova.pasteboardPolicyApplied() method.

Allow open in for all apps

Verify that your app enables user interfaces, if any, that give the user the option to use Open In.

Also, verify that your app calls the AppConnectCordova.openInPolicyApplied() method.

Allow open in for AppConnect apps

Verify that your app enables user interfaces, if any, that give the user the option to use Open In.

Also, verify that your app calls the AppConnectCordova.openInPolicyApplied() method.

Allow open in for whitelisted apps

Verify that your app enables user interfaces, if any, that give the user the option to use Open In.

Also, verify that your app calls the openInPolicyApplied() method.

Do not allow open in

Verify that your app enables user interfaces, if any, that give the user the option to use Open In.

Also, verify that your app calls the -openInPolicyApplied() method.

Allow print

For each part of your app that allows the user to print secure data, verify the capability is enabled.

Also, verify that your app calls the printPolicyApplied() method.

Do not allow print

For each part of your app that allows the user to print secure data, verify the capability is removed or disabled.

Also, verify that your app calls the printPolicyApplied() method.