Enterprise private key considerations with AppConnect for Android

By using the AppConnect for Android Wrapping Tool, you can distribute wrapped apps signed with your enterprise private key instead of the Ivanti private key.

Consider the following impact of using an enterprise private key:

You must use your enterprise private key to re-sign all the secure apps that you currently use.

These apps include the apps that Ivanti provides and any other secure apps that you use. You must also re-sign the Secure Apps Manager with your enterprise private key. For each future Secure Apps release, you will again have to re-sign the Secure Apps Manager and all updated apps provided by Ivanti.

You must secure your enterprise private key.

You must secure the enterprise private key to protect the secure apps that you deploy and the devices they are deployed on. If an unauthorized third party obtains the enterprise key, that party can sign and distribute apps with your key and use them to replace your apps with malicious ones. These malicious apps could run in the AppConnect container, with access to your enterprise’s sensitive data.

Therefore:

  • Follow industry best practices for securing your enterprise key.
  • Follow industry best practices to guard against losing your key or forgetting the password for the keystore file or the key itself.

You must securely retain backup copies of your enterprise private key and password.

If you lose your enterprise private key or password and do not have a backup, you cannot deploy updates to your apps. Keep at least one secure backup of your key and password. Ivanti will not have a copy of your enterprise private key, and will not be able to assist you with restoring it.

Installing the new re-signed Secure Apps Manager on devices deletes all existing secure apps data on the device.

Your device users will lose all data relating to their secure apps. Going forward, as long as you use the same enterprise key, this loss will not reoccur. If your key is compromised and you have to create a new enterprise key, your device users will again lose all secure apps data.
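
Because the Secure Apps Manager and every secure app must carry the same enterprise signature, a pre-distribution check can compare each re-signed APK's signer certificate against a pinned fingerprint. The script below is an added example, not Ivanti tooling; it assumes `apksigner` from the Android SDK build-tools is on the PATH, and the function names, script name and fingerprint argument are hypothetical.

```shell
#!/bin/sh
# Added example: verify that every re-signed APK carries the pinned
# enterprise signing certificate before it is distributed.

# Print the unique signer-certificate SHA-256 digests found in
# `apksigner verify --print-certs` output read from stdin.
signer_digests() {
    sed -n 's/^Signer .*certificate SHA-256 digest: \([0-9A-Fa-f]*\).*$/\1/p' |
        tr 'A-F' 'a-f' | sort -u
}

# Succeed only if stdin reports exactly one signer digest and it equals $1.
# $1 may be plain hex or keytool's colon-separated upper-case form.
matches_pinned() {
    pinned=$(printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f')
    found=$(signer_digests)
    [ -n "$found" ] && [ "$found" = "$pinned" ]
}

# Check every .apk in directory $2 against pinned digest $1.
# An APK passes only if apksigner exits 0 and reports the pinned digest alone.
check_release() {
    rc=0
    for apk in "$2"/*.apk; do
        [ -e "$apk" ] || { echo "no APKs found in $2" >&2; return 2; }
        if out=$(apksigner verify --print-certs "$apk" 2>/dev/null) &&
            printf '%s\n' "$out" | matches_pinned "$1"; then
            echo "OK    $apk"
        else
            echo "FAIL  $apk"
            rc=1
        fi
    done
    return "$rc"
}

# Usage (hypothetical script name):
#   sh check_signers.sh <pinned-sha256> <directory-of-apks>
if [ "$#" -eq 2 ]; then
    check_release "$1" "$2"
fi
```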