Using the AppConnect for Android Wrapping Tool in UI mode

Using the wrapping tool in UI mode involves these high-level tasks:

Before you begin 

Overview 

  1. Launching the wrapping tool

  2. Providing developer settings to the wrapping tool

  3. Selecting wrapping options in the wrapping tool

  4. Wrapping and signing an app with the wrapping tool

Next steps 

Launching the wrapping tool

To use the wrapping tool, launch it, and accept the license agreement.

Procedure 

  1. Enter the following at the command prompt to launch the app:

    java -jar path\ wrap-tool.jar

    Where:

    • path\-jar wrap-tool is the location and name of the wrapping tool jar file.

    Example  

    java -jar C:\Users\testuser\Downloads\wrap-tool-1.14.18-9.2.0.0.4.jar

  2. Accept the license agreement.

    You are not prompted to accept the license agreement if you had accepted it in a previous version of the tool.

Providing developer settings to the wrapping tool

Before wrapping or signing an app, provide the necessary developer settings to the wrapping tool.

Procedure 

  1. In the wrapping tool, go to Developer Settings.

  2. Browse to the Android SDK directory or enter its path.

    Example  

    On Windows: C:\Users\username\AppData\Local\Android\SDK

    On macOS: /Users/username/Library/Android/SDK

    If the ANDROID_HOME environment variable is set, filling in this field is unnecessary.

  3. In Developer Settings, if you are using Windows, enter Java VM options if necessary.

    This option is necessary if the Windows computer has less than 8GB of RAM.

    Example  

    -Xmx5000M

  4. Drag and drop or browse to the keystore file that contains your enterprise private key.

  5. Enter the keystore password, the key alias, and the key password.

  6. Click Save.

    The wrapping tool displays that your keystore has been successfully uploaded.

  7. Click Done.

Selecting wrapping options in the wrapping tool

Before wrapping an app, select the appropriate wrapping options in the wrapping tool. These steps are not necessary when you are signing the app, but not wrapping it.

Procedure 

  1. Select the wrapper version.

    Keep in mind that the wrapped app will require a Secure Apps Manager with at least the same version as the wrapper version.

    To wrap an app with an earlier version of the Secure Apps wrapper than the choices given, contact IvantiTechnical Support.

  2. Select either Generation 1 or 2.

  3. Select Calendar Access to allow the app to export data to the device’s calendar database.

    This option allows data export when the app uses the Calendar Provider Android API.

  4. Select Contacts Access to allow the app to export data to the device’s contact database.

    This option allows data export when the app uses the Contact Provider Android API.s

  5. Select Show next to Advanced Settings field, scroll down to Custom Options, and enter the flag
    -addInternetPermission if both of the following are true:

    • Your app uses the android.media.MediaPlayer or android.media.MediaMetaDataRetriever APIs.

    • Your app does not include android.permission.INTERNET in its AndroidManifest.xml file

    If you turn on Custom Options, the default custom options are:

    • -allowAccessGoogle, which allows the app to use Google Play services
    • -allowNativeCode, which allows the app to use native libraries

IMPORTANT: Do not select any other Advanced Settings or make other modifications to Custom Options unless Ivanti Technical Support has instructed you to do so. The following flags are available:

Table 7.  Available flags

Flag

Description

-ignoreSqlCipher

See Encryption of the SQLCipher database.

-allowIntentAction

See Receiving information from outside the AppConnect container.

-enableCrashlytics or

-allowCrashlytics

See Firebase Cloud Messaging and Crashlytics support.

Earlier versions of AppConnect supported the -allowCrashlytics option and not the -enableCrashlytics option.

-disableArm64

See 64-bit support.

-keepJavaNativesLazyLinking

See Linking native Java methods

Determining the wrapping mode

Wrapping and signing an app with the wrapping tool

After selecting developer settings and wrapping options in the wrapping tool, you can wrap and sign an app.

Procedure 

  1. Drag and drop or browse to the unwrapped app’s APK file.

    The wrapping and signing process begins.

  2. If wrapping and signing succeed, the wrapping tool displays that wrapping and signing was successful.

    It provides a link to the same directory as the unwrapped APK file, and places the following files in the directory:

    • the wrapped and signed APK file, named <file name>.wrapped.signed.apk

      You will upload this file to the Ivanti server as an in-house app for distribution to devices.

    • the wrapped and unsigned file, named <file name>.wrapped.apk
      asdf

    • a log file about wrapping, named <file name>.apk.result.json

  3. If wrapping or signing fail, the wrapping tool displays that it failed. It provides a link to the same directory as the unwrapped APK file, and places the following files in the directory:

    • a log file about wrapping, named <file name>.apk.result.json

    • a signing error file, named <file name>.apksigner.errors

Using the AppConnect for Android Wrapping Tool in UI mode.

Signing an app with the wrapping tool

After selecting developer settings in the wrapping tool, you can sign a wrapped app with your enterprise private key. The app can be unsigned or already signed. You can also re-sign the Secure Apps Manager. Use this procedure to:

  • Sign your own wrapped apps.
  • Re-sign Ivanti-provided apps with your enterprise private key. Re-sign the apps each time you get a new release of the app from Ivanti.
  • Re-sign your own apps and Ivanti-provided apps with a new enterprise private key when, for example, the previous enterprise private key had been compromised.

Procedure 

  1. Select Sign Only in the wrapping tool where you drag and drop your app. It can be unsigned or already signed.

  2. Drag and drop or browse to the app’s APK file.

    The signing process begins.

  3. If signing succeeds, the wrapping tool displays that signing was successful.

    It places the wrapped and signed file in the same directory as the submitted APK file, and provides a link to that directory. The file is named:

    The file is named:

    <file name>.signed.apk

  4. If signing fails, the wrapping tool displays that signing failed. It provides a link to the same directory as the unwrapped APK file, and places in the directory a signing error file named <file name>.apksigner.errors.