AppConnect for Android overview

Ivanti supports AppConnect for Android by wrapping Android apps. The following sections provide an overview.

Wrapping modes

Two modes of wrapping are available:

  • Generation 2
  • Generation 1

Generation 2 wrapping is the default mode, and is required for a number of Android features. Generation 1 wrapping should only be used for features not supported by Generation 2. For information about the features supported by Generation 2 and Generation 1 wrapping modes, see "Wrapping support of commonly used app capabilities" in the AppConnect for Android App Developers Guide available on the AppConnect Landing Page.

AppConnect apps are supported only in multiple-app kiosk mode. They are not supported in single-app kiosk mode. For Kiosk mode information, see the Ivanti Neurons for MDM Administrator Guide on the Ivanti Neurons for MDM Apps Landing Page.

The Ivanti client app, the Secure Apps Manager, and the AppConnect wrapper

Two Ivanti apps work together on the Android device to support AppConnect. Together, they provide the security and management of all the AppConnect apps.

These Ivanti apps are:

  • Go
  • Secure Apps Manager

Each AppConnect app is wrapped with the AppConnect wrapper, which enforces security along with the Ivanti client app and the Secure Apps Manager. On the device, the AppConnect apps are called secure apps.

The Secure Apps Manager performs the following tasks to support AppConnect apps on Android devices:

  • manages the data encryption key.
  • handles the AppConnect passcode login for all AppConnect apps.
  • provides a list of all the AppConnect apps on the device.

When a new Secure Apps Manager becomes available, you do not need to re-wrap all your apps. Secure Apps Manager is backward compatible. A wrapped app requires the corresponding or a newer version of Secure Apps Manager. For example, an app wrapped with Wrapper 8.5.0.0 requires Secure Apps Manager 8.5.0.0 or a later version that supports apps wrapped with Wrapper 8.5.0.0.

For Ivanti Neurons for MDM deployments, the Secure Apps Manager is bundled with Go. The Secure Apps Manager is automatically installed on a device when you distribute an AppConnect app for Android to a device. The Secure Apps Manager is automatically updated to the latest version of Secure Apps Manager that Ivanti Neurons for MDM supports.

For AppConnect app compatibility with the latest version of Secure Apps Manager, see the AppConnect for Android release notes available on the AppConnect Landing Page.

Support for various AppConnect for Android features sometimes requires minimum versions of the Ivanti client app, Secure Apps Manager, and the wrapper, as specified in each feature’s description.

Supported Android device processors

AppConnect on Android is supported on devices with:

  • 32-bit ARM processors
  • 64-bit ARM processors

Supported Android operating systems

For Android versions that AppConnect for Android supports, see the AppConnect for Android Release Notes and Upgrade Guide.

For Android versions that Ivanti Neurons for MDM supports, see the Ivanti Neurons for MDM Release Notes.

However, some AppConnect for Android features require one of the more recent Android versions. These exceptions are noted in specific feature descriptions.

Samsung Knox container (Knox Workspace) and AppConnect apps

The Samsung Knox container, known as the Knox Workspace, is not supported with AppConnect apps. Specifically:

  • The Samsung Knox container does not support any AppConnect apps running inside the Knox container.
  • Ivanti does not support using both a Knox container and AppConnect container on the same device.

AppConnect for Android component support and compatibility

For the supported versions of the various components in an AppConnect deployment, including the Secure Apps Manager, Go for Android / iOS, and Ivanti Neurons for MDM, see the AppConnect for Android Release Notes and Upgrade Guide in the Ivanti Product Documentation Page under AppConnect.

Data loss prevention for secure apps for Android

Data loss prevention policies for secure apps allow you to secure the sensitive data in AppConnect apps. With data loss prevention policies, you determine whether:

  • device users can take screen captures of protected data.
  • AppConnect apps can access camera photos or gallery images.
  • AppConnect apps can stream media to media players.
  • AppConnect apps have copy/paste restrictions.
  • tapping a web link in an AppConnect app can open the web page in an unsecured browser.
  • tapping a web link in a non-AppConnect app can open the web page in Web@Work.

Document interaction (Open In) is always restricted to all AppConnect apps for Android.

Data encryption for secure apps for Android

App data for AppConnect apps on the device is encrypted with AES-256, which uses a key size of 256 bits.

The encryption key is not stored on the device; it is derived programmatically. If an AppConnect passcode is required, the passcode is used in the encryption key’s derivation, which keeps the application data secure even on a device that becomes compromised. In this context, a compromised device is one that has been rooted.
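A minimal sketch of the passcode-derived key idea described above. This is an added example, not Ivanti's implementation: the page does not name the derivation function, so PBKDF2-HMAC-SHA256, the salt, the iteration count, the check tag and the names derive_key, enroll and unlock are all assumptions.

```python
import hashlib
import hmac
import os

KEY_LEN = 32                 # 256-bit key, the AES-256 key size the page names
ITERATIONS = 200_000         # assumption: PBKDF2 work factor picked for this sketch
CHECK_LABEL = b"key-check"   # assumption: constant MACed to recognise the right key


def derive_key(passcode: str, salt: bytes) -> bytes:
    """Recompute the data key from the passcode; the key lives in memory only."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt,
                               ITERATIONS, dklen=KEY_LEN)


def enroll(passcode: str) -> dict:
    """Return the only values persisted at setup: a random salt and a check tag."""
    salt = os.urandom(16)
    key = derive_key(passcode, salt)
    tag = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}   # deliberately no key field


def unlock(passcode: str, record: dict):
    """Re-derive the key at login; return it only if it matches the stored tag."""
    key = derive_key(passcode, record["salt"])
    tag = hmac.new(key, CHECK_LABEL, hashlib.sha256).digest()
    return key if hmac.compare_digest(tag, record["tag"]) else None


if __name__ == "__main__":
    # Constructed sample passcode, for illustration only.
    record = enroll("constructed-passcode-4821")
    print("persisted fields:", sorted(record))
    print("right passcode unlocks:",
          unlock("constructed-passcode-4821", record) is not None)
    print("wrong passcode unlocks:", unlock("0000", record) is not None)
```

Reading the stored record yields only the salt and the tag; the key exists only after the passcode is entered and the derivation is rerun.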

Special badging for secure apps for Android

An Android device user recognizes that an app is a secure app because its icon is overlaid with a special badge.