Data loss prevention policies

An app can leak data if it uses iOS features such as copying to the iOS pasteboard, document interaction (Open In), and print capabilities. An Ivanti server administrator specifies on the server whether each app is allowed to use each of these features. The AppConnect for iOS Wrapper Library enforces the policies in the app.

Specifically:

  • the print policy indicates whether the app is allowed to use: AirPrint, any future iOS printing feature, any current or future third-party libraries or apps that provide printing capabilities.

  • The pasteboard policy specifies whether your app is allowed to copy content to the iOS pasteboard. If copying content is allowed, the policy specifies whether all apps, or only AppConnect apps, can paste the copied content from the pasteboard.

  • The drag and drop policy specifies whether AppConnect apps can drag content to all other apps, to only other AppConnect apps, or not at all.

  • The Open In policy specifies the apps, including the extensions that apps provide, with which your app can share documents. The policy specifies no apps, all apps, all AppConnect apps, or a set of apps. A set of apps is called the whitelist. Whether your app can share documents with the native iOS mail app is also controlled by the Open In policy.

In iOS 11 and supported newer versions, regardless of the Open In policy, iOS always displays all apps that support the document type as possible target apps. However, if a user taps on an app that is not allowed based on the Open In policy, nothing happens. On iOS versions prior to iOS 11, only allowed apps are displayed. The iOS behavioral change impacts all wrapped apps, regardless what version of the wrapper they are wrapped with.

  • The Open From policy specifies the apps, including the extensions that apps provide, from which your app can receive documents when the other app uses the Open In iOS feature. The policy specifies no apps, all apps, all AppConnect apps, or a set of apps. A set of apps is called the whitelist.

The administrator applies the appropriate policies to a set of devices. Sometimes more than one set of policies exists on the Ivanti server for an app if different users require different policies.