Wrapping technology

AppConnect apps are built using Ivanti’s AppConnect wrapping technology. This technology secures the app from leaking data outside the secure container.

You can create a secure app with minimal application development in many cases. Some development is sometimes necessary to use AppTunnel with HTTP/S tunneling, depending on the APIs the app uses to access enterprise servers. With some APIs, no development is necessary. Also, with some straightforward additional development, an app can receive app-specific configuration from the Ivanti server.

IMPORTANT: Wrapping does not support all Android coding capabilities. Before submitting an app for wrapping, see Capabilities and limitations of apps you can wrap

AppConnect wrapping does the following:

  1. Examines an app’s APK file for operating system calls that impact security.
  2. Replaces these calls with secure AppConnect calls.
  3. Generates a replacement APK file.

The resulting AppConnect app:

  • can run only if the Ivanti server administrator has authorized the app to run on the device.

  • ensures that a user logs in with his AppConnect passcode before using the AppConnect app, if the server administrator requires an AppConnect passcode.

  • overlays the app’s icon with a small badge.

    Device users can have both AppConnect apps and regular, unsecured apps on their devices. This small badge indicates to the user that the app is a secure app.
    The badge for wrapped apps for use with the Secure Apps Manager is different than the badge for wrapped apps for use with the Secure Apps Manager for AppStation.

  • shares data with only other AppConnect apps.

    Exceptions are described in Accessible Apps to preserve the user experience.

  • enforces data loss prevention settings, depending on the Ivanti server policy.

  • supports receiving app configuration from the Ivanti server.

  • supports AppTunnel with HTTP/S tunneling.

  • supports AppTunnel with TCP tunneling when using the Generation 2 mode of the wrapper

  • supports certificate authentication to the enterprise server when using the Generation 2 mode of the wrapper (not available with Ivanti Neurons for MDM)

  • encrypts and decrypts data at runtime.

    File names are not encrypted.

  • remembers the encryption key when running in the background, even when the device user is not logged in to AppConnect apps.

    Email apps, for example, run in the background to synchronize data with the email server. To successfully access their data, these apps require the encryption key. AppConnect wrapping ensures the key is available in the app’s memory.

    Device users must still login with their AppConnect passcodes to access the app, if the Ivanti server administrator requires an AppConnect passcode.

  • supports scoped storage when using the Generation 2 mode of the wrapper.