App for testing legacy configuration handling

To test your app’s configuration handling without using an Ivanti server or Ivanti client app, you can use the AppConnectTester app. Use the AppConnectTester to test your app before you submit it to Ivanti for wrapping. You can enter key-value pairs into the AppConnectTester. It then passes the key-value pairs to your app just as the client app would.

IMPORTANT: The testing app that supports the legacy configuration handling is available only in releases prior to AppConnect 8.6.0.0 for Android. No similar app is available for testing the mechanism described in Handling AppConnect app-specific configuration.

Using AppConnectTester

The AppConnectTester app displays the following:

AppConnect tester

To use AppConnectTester to test your app:

  1. Launch AppConnectTester.

  2. Enter the package name of your app. For example:

    com.mobileiron.helloappconnect

  3. Tap Add.

    AppConnect tester key-value pair

  4. Enter a key and value.

  5. Repeat steps 3 and 4 as needed.

  6. Tap Save+Send.

    AppConnectTester saves your entries, and sends the key-value pairs to your app in the "HANDLE_CONFIG" Intent object.

  7. If your app returns the "configAppliedIntent" Intent object, AppConnectTester displays “Success Received!”

  8. If your app returns the "configErrorIntent" Intent object, AppConnectTester displays the error string that your app specified in the Intent object.

If you tap the button Save+Send null, AppConnectTester saves your entries but sends a null Bundle object in the "HANDLE_CONFIG" Intent object. In a production environment, the Bundle object is null when the Ivanti server administrator has not yet configured the AppConnect app configuration for your app on the server.

Protecting the unwrapped version of your app

If you are a third-party developer, and you are developing both a wrapped version and unwrapped version of your app with the same source code, consider the following scenario.

Your unwrapped version, distributed on Google Play, does not receive configuration from an Ivanti server. However, you use the unwrapped version to test configuration handling with AppConnectTester. Therefore, you must protect your unwrapped app from configuration sent from a potentially malicious app. This additional protection is not necessary for your wrapped app, because the wrapper provides this protection for you.

You provide the protection by using a permission that is granted to apps only if they have the same signature as your app. The AppConnectTester, by using the same signature as your app, can use the permission. When you receive the configuration intent in your onHandleConfig() method, when your app is not wrapped, your app checks whether it owns the permission:

  • If your app owns the permission, process the intent because your app knows it is receiving the configuration intent from the AppConnectTester app.
  • If your app does not own the permission, do not process the intent. Another app, installed before yours, must have declared the permission first, but without requiring apps to have the same signature to be granted the permission. Therefore, although the system granted your app the permission so that your app receives the intent, your app does not process the intent, since it was sent by a potentially malicious app.

Use the following steps to protect your unwrapped app from potentially malicious configuration intents:

  1. In your app’s AndroidManifest.xml, declare the following permission in the <manifest> element:

      <permission
   android:name="com.mobileiron.CONFIG_PERMISSION"
   android:protectionLevel="signature" >

    The "signature" protection level means the system will grant the permission to apps only if they are signed with the same certificate as your app.

  2. In AndroidManifest.xml, request the permission in the <manifest> element:

    <uses-permission android:name="com.mobileiron.CONFIG_PERMISSION" />

  3. In AndroidManifest.xml, in your service that handles the configuration intents, require that the intent comes only from an app with the permission:

    android:permission="com.mobileiron.CONFIG_PERMISSION"

  4. In your onHandleConfig() implementation, process the configuration intent only if your app owns the permission:

      if (!Boolean.parseBoolean(System.getProperty("com.mobileiron.wrapped", "false")) &&;
                     !getPackageName().equals(getPackageManager().getPermissionInfo(
                             "com.mobileiron.CONFIG_PERMISSION", 0).packageName)) {
       // Do not handle the Intent
       return;
  }

  5. Re-sign the AppConfigTester app so that it has the same key as your app.

    When Eclipse builds an app in debug mode, by default it uses the same key for all apps. Therefore, rebuild the AppConfigTester app in Eclipse in debug mode so that it uses the same key as your app in debug mode.