Device-initiated security controls for AppConnect for Android

You can protect corporate data on devices even when the devices are off-line. If the device is compromised (rooted) or USB debugging is enabled, MobileIron Go can retire all secure apps on the device. Retiring secure apps means that they become unauthorized (blocked), and their data is deleted (wiped).

The detection of these two security violations occurs on the device. Furthermore, the decision to retire secure apps because of these violations also occurs on the device. Connectivity with MobileIron Cloud is not required for these security controls.

You configure these actions in the Compromised Devices, Data Protection/Encryption Disabled, or Custom Policy policies on MobileIron Cloud.

For information about configuring actions in policies, see "Policies" in the MobileIron Cloud Administrator Guide.

Interaction with the Exchange setting

These compliance actions retire all secure apps, which can include email clients. However, the device user can still use lower priority email clients, such as the native Samsung email client, if the device’s Exchange setting allows them.

Therefore, if you do not want to allow any email access when the device is compromised or USB debugging is enabled, modify the Exchange setting:

1. In MobileIron Cloud, go to Configurations.
2. Edit the Exchange setting that is applied to the devices of interest.
3. In the Android section, modify the Exchange App Priority so that only AppConnect-enabled email clients are selected.
4. Click Save