Features of AppConnect for Android apps

An Android device user can use an AppConnect app only if:

  • the device user has been authenticated through the Ivanti server.
    The user must use the Mobile@Work, Go, or AppStation for Android app to register the device with the Ivanti server. Registration authenticates the device user. Only registered devices can use an AppConnect app.
  • the server administrator has authorized the device user to use the AppConnect app.
  • the device user has entered the passcode for using AppConnect apps, if required by the server administrator.
    With the AppConnect passcode, the device user can access all the AppConnect apps. When presented to device users, it is called the secure apps passcode. On the server Admin Portal, the administrator configures the rules for this AppConnect passcode. Access to AppConnect apps times out after a period of inactivity, after which the device user must reenter the AppConnect passcode.
    The AppConnect passcode is not the same passcode as the device password, if a device password exists. The device user can choose the same values for both the AppConnect apps passcode and the device password, or choose a different value for each of them.

AppConnect apps:

  • encrypt their application data.
    Application data on the device is encrypted using AES-256 encryption. The encryption key is not stored on the device. It is programmatically derived, in part from the device user’s AppConnect passcode. Therefore, the application data is secure even on a device that becomes compromised. For hybrid web apps, data related to the android.webkit package’s WebView class is encrypted. This web-related data can include cookies, the web cache, and web databases.

    File names are not encrypted.

  • use only containerized data.
    AppConnect apps can share data only with other AppConnect apps. Unsecured apps cannot access the data. Data in the secure container stays in the secure container.
    Exceptions are described in Accessible Apps to preserve the user experience.
  • enforce data loss prevention.
    The server administrator determines the data loss prevention policies for an app. For example, these policies include whether an app allows screen capture, copy/paste interaction with other apps, and access to the camera, gallery, or media player. The AppConnect app’s wrapper enforces the policies.
  • can tunnel network connections to servers behind an enterprise’s firewall.
    This capability means that device users do not have to separately set up VPN access on their devices to use the app.
  • can send a certificate to identify and authenticate the app user to an enterprise server.
    Depending on the enterprise server implementation, this authentication occurs without interaction from the device user beyond entering the AppConnect passcode. That is, the device user does not need to enter a user name and password to log into enterprise services. Therefore, this feature provides a higher level of security and an improved user experience.
    This feature is not available with Ivanti Neurons for MDM.
  • can receive app-specific configuration information from the Ivanti server.
    This capability requires some additional app development. It means that device users do not have to manually enter configuration details that the app requires. Furthermore, for security reasons, some apps do not want to allow the device users to provide certain configuration settings at all. By automating the configuration process for the device users, each user has a better experience when installing and setting up apps. Also, the enterprise has fewer support calls, and the app is secured from misuse due to configuration.
  • provide anti-phishing protection.
    If anti-phishing is enabled in the UEM using Mobile Threat Defense and users have enabled anti-phishing on their device, anti-phishing protection is triggered when users tap a URL in their AppConnect app. However, entering a URL directly into a browser or tapping a web link in a browser does not trigger anti-phishing support. For information about Mobile Threat Defense, see the Mobile Threat Defense Solution Guide for your UEM.
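
The key-handling model described above under "encrypt their application data", shown as an added example that is not Ivanti's code: an AES-256 key is re-derived from the passcode on each use rather than stored. PBKDF2-HMAC-SHA256, AES-GCM, the iteration count, the random salt, and the sample passcodes are assumptions for illustration; the page does not state the actual derivation or its other inputs.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class PasscodeDerivedKeyDemo {
    // Assumed parameters for illustration; the page does not state the real ones.
    static final int ITERATIONS = 210_000, KEY_BITS = 256, TAG_BITS = 128;

    // Derive the AES-256 key on demand; the key itself is never written to storage.
    static SecretKeySpec deriveKey(char[] passcode, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(passcode, salt, ITERATIONS, KEY_BITS);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        return new SecretKeySpec(raw, "AES");
    }

    // Encrypt or decrypt with AES-256-GCM; decryption also verifies the auth tag.
    static byte[] crypt(int mode, SecretKeySpec key, byte[] iv, byte[] input) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(TAG_BITS, iv));
        return c.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        // Constructed sample data. Only salt, IV and ciphertext would be persisted.
        byte[] plain = "constructed sample app data".getBytes(StandardCharsets.UTF_8);
        byte[] stored = crypt(Cipher.ENCRYPT_MODE, deriveKey("4821-demo".toCharArray(), salt), iv, plain);
        // Correct passcode: the same key is re-derived and the data decrypts.
        byte[] ok = crypt(Cipher.DECRYPT_MODE, deriveKey("4821-demo".toCharArray(), salt), iv, stored);
        System.out.println("correct passcode: " + new String(ok, StandardCharsets.UTF_8));
        // Wrong passcode: a different key is derived and GCM authentication fails.
        try {
            crypt(Cipher.DECRYPT_MODE, deriveKey("0000-demo".toCharArray(), salt), iv, stored);
        } catch (AEADBadTagException e) {
            System.out.println("wrong passcode: decryption rejected");
        }
    }
}
```

In a scheme like this, the strength of the data at rest depends on the passcode rules the administrator configures, because everything persisted next to the ciphertext (salt and IV) is not secret.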